./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec4_product18.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec4_product18.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash bf462270e0c7c70d13b1dd17e19a66c26542ea365ec57459489c94e9a63941a0 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 17:59:06,666 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:59:06,669 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:59:06,695 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 17:59:06,695 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:59:06,698 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:59:06,700 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:59:06,705 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:59:06,706 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:59:06,710 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:59:06,711 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:59:06,712 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:59:06,712 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:59:06,714 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:59:06,715 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:59:06,716 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:59:06,717 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:59:06,718 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:59:06,721 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:59:06,722 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:59:06,725 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:59:06,727 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:59:06,727 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:59:06,728 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:59:06,731 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:59:06,731 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:59:06,732 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:59:06,733 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:59:06,733 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:59:06,734 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:59:06,734 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:59:06,735 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:59:06,736 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:59:06,737 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:59:06,737 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:59:06,738 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:59:06,738 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:59:06,738 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 17:59:06,738 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:59:06,739 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:59:06,739 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:59:06,740 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:59:06,762 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:59:06,762 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:59:06,762 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:59:06,763 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:59:06,763 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:59:06,763 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:59:06,764 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:59:06,764 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:59:06,764 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:59:06,764 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:59:06,765 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:59:06,765 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:59:06,765 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:59:06,765 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:59:06,765 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:59:06,765 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:59:06,766 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:59:06,766 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:59:06,766 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:59:06,766 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:59:06,766 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:59:06,766 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:59:06,766 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:59:06,767 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:59:06,767 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:59:06,767 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:59:06,767 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:59:06,767 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:59:06,767 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:59:06,768 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:59:06,768 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:59:06,768 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:59:06,768 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 17:59:06,768 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> bf462270e0c7c70d13b1dd17e19a66c26542ea365ec57459489c94e9a63941a0 [2022-02-20 17:59:06,967 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:59:07,002 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:59:07,004 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:59:07,004 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:59:07,005 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:59:07,006 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec4_product18.cil.c [2022-02-20 17:59:07,071 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/bf5241dfa/72e24db99633401a8f5fc30a1190389c/FLAG7160d2def [2022-02-20 17:59:07,503 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 17:59:07,504 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product18.cil.c [2022-02-20 17:59:07,518 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/bf5241dfa/72e24db99633401a8f5fc30a1190389c/FLAG7160d2def [2022-02-20 17:59:07,527 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/bf5241dfa/72e24db99633401a8f5fc30a1190389c [2022-02-20 17:59:07,529 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:59:07,530 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:59:07,531 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:59:07,531 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:59:07,539 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:59:07,540 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:07" (1/1) ... [2022-02-20 17:59:07,541 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@72fad119 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:07, skipping insertion in model container [2022-02-20 17:59:07,541 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:07" (1/1) ... [2022-02-20 17:59:07,545 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:59:07,603 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:59:08,057 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product18.cil.c[61907,61920] [2022-02-20 17:59:08,067 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:59:08,081 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:59:08,171 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product18.cil.c[61907,61920] [2022-02-20 17:59:08,173 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:59:08,195 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:59:08,196 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08 WrapperNode [2022-02-20 17:59:08,196 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:59:08,197 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:59:08,197 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:59:08,197 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:59:08,202 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,254 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,306 INFO L137 Inliner]: procedures = 127, calls = 199, calls flagged for inlining = 58, calls inlined = 49, statements flattened = 892 [2022-02-20 17:59:08,307 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:59:08,307 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:59:08,307 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:59:08,308 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:59:08,313 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,314 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,327 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,328 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,338 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,356 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,358 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,363 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:59:08,364 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:59:08,364 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:59:08,364 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:59:08,365 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (1/1) ... [2022-02-20 17:59:08,377 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:59:08,386 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:08,396 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:59:08,398 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:59:08,419 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:59:08,419 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:59:08,419 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:59:08,420 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:59:08,420 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:59:08,420 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:59:08,420 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:59:08,420 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:59:08,420 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:59:08,420 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:59:08,420 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:59:08,420 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:59:08,421 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:59:08,421 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:59:08,421 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:59:08,421 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:59:08,421 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:59:08,421 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:59:08,421 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:59:08,421 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:59:08,422 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:59:08,422 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:59:08,422 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:59:08,422 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:59:08,422 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:59:08,422 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:59:08,422 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:59:08,422 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:59:08,422 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:59:08,423 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:59:08,423 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:59:08,423 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:59:08,423 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:59:08,423 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:59:08,423 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:59:08,423 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:59:08,423 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:59:08,424 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:59:08,424 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:59:08,550 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:59:08,551 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:59:09,133 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:59:09,147 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:59:09,147 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:59:09,148 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:09 BoogieIcfgContainer [2022-02-20 17:59:09,148 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:59:09,151 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:59:09,151 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:59:09,153 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:59:09,153 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:59:07" (1/3) ... [2022-02-20 17:59:09,153 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@23251b2f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:09, skipping insertion in model container [2022-02-20 17:59:09,154 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:08" (2/3) ... [2022-02-20 17:59:09,154 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@23251b2f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:09, skipping insertion in model container [2022-02-20 17:59:09,154 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:09" (3/3) ... [2022-02-20 17:59:09,155 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec4_product18.cil.c [2022-02-20 17:59:09,158 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:59:09,159 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:59:09,187 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:59:09,191 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:59:09,191 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:59:09,210 INFO L276 IsEmpty]: Start isEmpty. Operand has 291 states, 232 states have (on average 1.543103448275862) internal successors, (358), 234 states have internal predecessors, (358), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (40), 40 states have call predecessors, (40), 40 states have call successors, (40) [2022-02-20 17:59:09,220 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 93 [2022-02-20 17:59:09,220 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:09,221 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:09,221 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:09,225 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:09,225 INFO L85 PathProgramCache]: Analyzing trace with hash 1024121513, now seen corresponding path program 1 times [2022-02-20 17:59:09,231 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:09,231 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [716853705] [2022-02-20 17:59:09,231 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:09,232 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:09,421 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,535 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:09,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,552 INFO L290 TraceCheckUtils]: 0: Hoare triple {345#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,552 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,553 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,553 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {294#true} #901#return; {294#true} is VALID [2022-02-20 17:59:09,559 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:09,563 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,568 INFO L290 TraceCheckUtils]: 0: Hoare triple {346#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,568 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,568 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,568 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {294#true} #903#return; {294#true} is VALID [2022-02-20 17:59:09,569 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:09,581 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,599 INFO L290 TraceCheckUtils]: 0: Hoare triple {345#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {347#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {347#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {348#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:09,600 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#(= |setClientId_#in~handle| 1)} assume true; {348#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:09,601 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#(= |setClientId_#in~handle| 1)} {304#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #905#return; {295#false} is VALID [2022-02-20 17:59:09,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:09,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {346#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,609 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {295#false} #907#return; {295#false} is VALID [2022-02-20 17:59:09,609 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:09,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {345#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {295#false} #909#return; {295#false} is VALID [2022-02-20 17:59:09,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:09,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {346#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,626 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,627 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {295#false} #911#return; {295#false} is VALID [2022-02-20 17:59:09,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:59:09,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,649 INFO L290 TraceCheckUtils]: 0: Hoare triple {349#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,649 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,650 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {295#false} #895#return; {295#false} is VALID [2022-02-20 17:59:09,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:59:09,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,663 INFO L290 TraceCheckUtils]: 0: Hoare triple {350#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,663 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,664 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {295#false} #897#return; {295#false} is VALID [2022-02-20 17:59:09,664 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:59:09,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,668 INFO L290 TraceCheckUtils]: 0: Hoare triple {294#true} ~handle := #in~handle;havoc ~retValue_acc~9; {294#true} is VALID [2022-02-20 17:59:09,669 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {294#true} is VALID [2022-02-20 17:59:09,669 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,669 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {295#false} #865#return; {295#false} is VALID [2022-02-20 17:59:09,670 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:59:09,671 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {349#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,673 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {295#false} #867#return; {295#false} is VALID [2022-02-20 17:59:09,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:59:09,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,680 INFO L290 TraceCheckUtils]: 0: Hoare triple {294#true} ~handle := #in~handle;havoc ~retValue_acc~25; {294#true} is VALID [2022-02-20 17:59:09,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {294#true} is VALID [2022-02-20 17:59:09,681 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,681 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {295#false} #869#return; {295#false} is VALID [2022-02-20 17:59:09,681 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:59:09,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,684 INFO L290 TraceCheckUtils]: 0: Hoare triple {294#true} ~handle := #in~handle;havoc ~retValue_acc~9; {294#true} is VALID [2022-02-20 17:59:09,684 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {294#true} is VALID [2022-02-20 17:59:09,685 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,685 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {294#true} {295#false} #871#return; {295#false} is VALID [2022-02-20 17:59:09,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {294#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {294#true} is VALID [2022-02-20 17:59:09,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {294#true} is VALID [2022-02-20 17:59:09,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {294#true} is VALID [2022-02-20 17:59:09,692 INFO L290 TraceCheckUtils]: 3: Hoare triple {294#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {294#true} is VALID [2022-02-20 17:59:09,692 INFO L290 TraceCheckUtils]: 4: Hoare triple {294#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {294#true} is VALID [2022-02-20 17:59:09,693 INFO L290 TraceCheckUtils]: 5: Hoare triple {294#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {294#true} is VALID [2022-02-20 17:59:09,694 INFO L272 TraceCheckUtils]: 6: Hoare triple {294#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {345#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:09,695 INFO L290 TraceCheckUtils]: 7: Hoare triple {345#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,696 INFO L290 TraceCheckUtils]: 8: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,696 INFO L290 TraceCheckUtils]: 9: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,696 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {294#true} {294#true} #901#return; {294#true} is VALID [2022-02-20 17:59:09,696 INFO L290 TraceCheckUtils]: 11: Hoare triple {294#true} assume { :end_inline_setup_bob__wrappee__Base } true; {294#true} is VALID [2022-02-20 17:59:09,697 INFO L272 TraceCheckUtils]: 12: Hoare triple {294#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {346#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:09,698 INFO L290 TraceCheckUtils]: 13: Hoare triple {346#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,698 INFO L290 TraceCheckUtils]: 14: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,698 INFO L290 TraceCheckUtils]: 15: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,698 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {294#true} {294#true} #903#return; {294#true} is VALID [2022-02-20 17:59:09,699 INFO L290 TraceCheckUtils]: 17: Hoare triple {294#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {304#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:09,700 INFO L272 TraceCheckUtils]: 18: Hoare triple {304#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {345#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:09,700 INFO L290 TraceCheckUtils]: 19: Hoare triple {345#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {347#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,702 INFO L290 TraceCheckUtils]: 20: Hoare triple {347#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {348#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:09,702 INFO L290 TraceCheckUtils]: 21: Hoare triple {348#(= |setClientId_#in~handle| 1)} assume true; {348#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:09,703 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {348#(= |setClientId_#in~handle| 1)} {304#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #905#return; {295#false} is VALID [2022-02-20 17:59:09,703 INFO L290 TraceCheckUtils]: 23: Hoare triple {295#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {295#false} is VALID [2022-02-20 17:59:09,703 INFO L272 TraceCheckUtils]: 24: Hoare triple {295#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {346#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:09,704 INFO L290 TraceCheckUtils]: 25: Hoare triple {346#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,704 INFO L290 TraceCheckUtils]: 26: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,704 INFO L290 TraceCheckUtils]: 27: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,704 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {294#true} {295#false} #907#return; {295#false} is VALID [2022-02-20 17:59:09,705 INFO L290 TraceCheckUtils]: 29: Hoare triple {295#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {295#false} is VALID [2022-02-20 17:59:09,705 INFO L272 TraceCheckUtils]: 30: Hoare triple {295#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {345#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:09,705 INFO L290 TraceCheckUtils]: 31: Hoare triple {345#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,705 INFO L290 TraceCheckUtils]: 32: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,706 INFO L290 TraceCheckUtils]: 33: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,706 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {294#true} {295#false} #909#return; {295#false} is VALID [2022-02-20 17:59:09,706 INFO L290 TraceCheckUtils]: 35: Hoare triple {295#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {295#false} is VALID [2022-02-20 17:59:09,707 INFO L272 TraceCheckUtils]: 36: Hoare triple {295#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {346#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:09,707 INFO L290 TraceCheckUtils]: 37: Hoare triple {346#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,707 INFO L290 TraceCheckUtils]: 38: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,707 INFO L290 TraceCheckUtils]: 39: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,707 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {294#true} {295#false} #911#return; {295#false} is VALID [2022-02-20 17:59:09,708 INFO L290 TraceCheckUtils]: 41: Hoare triple {295#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {295#false} is VALID [2022-02-20 17:59:09,709 INFO L290 TraceCheckUtils]: 42: Hoare triple {295#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {295#false} is VALID [2022-02-20 17:59:09,709 INFO L290 TraceCheckUtils]: 43: Hoare triple {295#false} assume false; {295#false} is VALID [2022-02-20 17:59:09,710 INFO L290 TraceCheckUtils]: 44: Hoare triple {295#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {295#false} is VALID [2022-02-20 17:59:09,710 INFO L272 TraceCheckUtils]: 45: Hoare triple {295#false} call sendEmail(~bob~0, ~rjh~0); {295#false} is VALID [2022-02-20 17:59:09,710 INFO L290 TraceCheckUtils]: 46: Hoare triple {295#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {295#false} is VALID [2022-02-20 17:59:09,710 INFO L272 TraceCheckUtils]: 47: Hoare triple {295#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {349#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:09,710 INFO L290 TraceCheckUtils]: 48: Hoare triple {349#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,710 INFO L290 TraceCheckUtils]: 49: Hoare triple {294#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,711 INFO L290 TraceCheckUtils]: 50: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,711 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {294#true} {295#false} #895#return; {295#false} is VALID [2022-02-20 17:59:09,713 INFO L272 TraceCheckUtils]: 52: Hoare triple {295#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {350#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:09,713 INFO L290 TraceCheckUtils]: 53: Hoare triple {350#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,714 INFO L290 TraceCheckUtils]: 54: Hoare triple {294#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,714 INFO L290 TraceCheckUtils]: 55: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,714 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {294#true} {295#false} #897#return; {295#false} is VALID [2022-02-20 17:59:09,714 INFO L290 TraceCheckUtils]: 57: Hoare triple {295#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {295#false} is VALID [2022-02-20 17:59:09,714 INFO L290 TraceCheckUtils]: 58: Hoare triple {295#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {295#false} is VALID [2022-02-20 17:59:09,714 INFO L272 TraceCheckUtils]: 59: Hoare triple {295#false} call outgoing(~sender#1, ~email~0#1); {295#false} is VALID [2022-02-20 17:59:09,715 INFO L290 TraceCheckUtils]: 60: Hoare triple {295#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {295#false} is VALID [2022-02-20 17:59:09,715 INFO L272 TraceCheckUtils]: 61: Hoare triple {295#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {294#true} is VALID [2022-02-20 17:59:09,715 INFO L290 TraceCheckUtils]: 62: Hoare triple {294#true} ~handle := #in~handle;havoc ~retValue_acc~9; {294#true} is VALID [2022-02-20 17:59:09,715 INFO L290 TraceCheckUtils]: 63: Hoare triple {294#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {294#true} is VALID [2022-02-20 17:59:09,715 INFO L290 TraceCheckUtils]: 64: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,716 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {294#true} {295#false} #865#return; {295#false} is VALID [2022-02-20 17:59:09,717 INFO L290 TraceCheckUtils]: 66: Hoare triple {295#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {295#false} is VALID [2022-02-20 17:59:09,717 INFO L290 TraceCheckUtils]: 67: Hoare triple {295#false} assume 0 == sign_~privkey~0#1; {295#false} is VALID [2022-02-20 17:59:09,717 INFO L290 TraceCheckUtils]: 68: Hoare triple {295#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {295#false} is VALID [2022-02-20 17:59:09,719 INFO L290 TraceCheckUtils]: 69: Hoare triple {295#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {295#false} is VALID [2022-02-20 17:59:09,719 INFO L290 TraceCheckUtils]: 70: Hoare triple {295#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {295#false} is VALID [2022-02-20 17:59:09,730 INFO L272 TraceCheckUtils]: 71: Hoare triple {295#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {349#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:09,730 INFO L290 TraceCheckUtils]: 72: Hoare triple {349#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:09,730 INFO L290 TraceCheckUtils]: 73: Hoare triple {294#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:09,730 INFO L290 TraceCheckUtils]: 74: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,731 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {294#true} {295#false} #867#return; {295#false} is VALID [2022-02-20 17:59:09,731 INFO L290 TraceCheckUtils]: 76: Hoare triple {295#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {295#false} is VALID [2022-02-20 17:59:09,731 INFO L272 TraceCheckUtils]: 77: Hoare triple {295#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {294#true} is VALID [2022-02-20 17:59:09,731 INFO L290 TraceCheckUtils]: 78: Hoare triple {294#true} ~handle := #in~handle;havoc ~retValue_acc~25; {294#true} is VALID [2022-02-20 17:59:09,731 INFO L290 TraceCheckUtils]: 79: Hoare triple {294#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {294#true} is VALID [2022-02-20 17:59:09,731 INFO L290 TraceCheckUtils]: 80: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,732 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {294#true} {295#false} #869#return; {295#false} is VALID [2022-02-20 17:59:09,732 INFO L290 TraceCheckUtils]: 82: Hoare triple {295#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {295#false} is VALID [2022-02-20 17:59:09,732 INFO L290 TraceCheckUtils]: 83: Hoare triple {295#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {295#false} is VALID [2022-02-20 17:59:09,732 INFO L272 TraceCheckUtils]: 84: Hoare triple {295#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {294#true} is VALID [2022-02-20 17:59:09,732 INFO L290 TraceCheckUtils]: 85: Hoare triple {294#true} ~handle := #in~handle;havoc ~retValue_acc~9; {294#true} is VALID [2022-02-20 17:59:09,732 INFO L290 TraceCheckUtils]: 86: Hoare triple {294#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {294#true} is VALID [2022-02-20 17:59:09,733 INFO L290 TraceCheckUtils]: 87: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:09,733 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {294#true} {295#false} #871#return; {295#false} is VALID [2022-02-20 17:59:09,733 INFO L290 TraceCheckUtils]: 89: Hoare triple {295#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {295#false} is VALID [2022-02-20 17:59:09,733 INFO L290 TraceCheckUtils]: 90: Hoare triple {295#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {295#false} is VALID [2022-02-20 17:59:09,733 INFO L290 TraceCheckUtils]: 91: Hoare triple {295#false} assume !false; {295#false} is VALID [2022-02-20 17:59:09,734 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 17:59:09,734 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:09,735 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [716853705] [2022-02-20 17:59:09,735 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [716853705] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:09,735 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [398696095] [2022-02-20 17:59:09,735 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:09,736 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:09,736 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:09,760 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:09,763 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:59:09,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,996 INFO L263 TraceCheckSpWp]: Trace formula consists of 963 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:59:10,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,049 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:10,228 INFO L290 TraceCheckUtils]: 0: Hoare triple {294#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {294#true} is VALID [2022-02-20 17:59:10,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {294#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {294#true} is VALID [2022-02-20 17:59:10,232 INFO L290 TraceCheckUtils]: 2: Hoare triple {294#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {294#true} is VALID [2022-02-20 17:59:10,232 INFO L290 TraceCheckUtils]: 3: Hoare triple {294#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {294#true} is VALID [2022-02-20 17:59:10,232 INFO L290 TraceCheckUtils]: 4: Hoare triple {294#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {294#true} is VALID [2022-02-20 17:59:10,233 INFO L290 TraceCheckUtils]: 5: Hoare triple {294#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {294#true} is VALID [2022-02-20 17:59:10,233 INFO L272 TraceCheckUtils]: 6: Hoare triple {294#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {294#true} is VALID [2022-02-20 17:59:10,233 INFO L290 TraceCheckUtils]: 7: Hoare triple {294#true} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:10,233 INFO L290 TraceCheckUtils]: 8: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:10,233 INFO L290 TraceCheckUtils]: 9: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:10,233 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {294#true} {294#true} #901#return; {294#true} is VALID [2022-02-20 17:59:10,233 INFO L290 TraceCheckUtils]: 11: Hoare triple {294#true} assume { :end_inline_setup_bob__wrappee__Base } true; {294#true} is VALID [2022-02-20 17:59:10,234 INFO L272 TraceCheckUtils]: 12: Hoare triple {294#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {294#true} is VALID [2022-02-20 17:59:10,234 INFO L290 TraceCheckUtils]: 13: Hoare triple {294#true} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:10,234 INFO L290 TraceCheckUtils]: 14: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:10,234 INFO L290 TraceCheckUtils]: 15: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:10,234 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {294#true} {294#true} #903#return; {294#true} is VALID [2022-02-20 17:59:10,234 INFO L290 TraceCheckUtils]: 17: Hoare triple {294#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {294#true} is VALID [2022-02-20 17:59:10,234 INFO L272 TraceCheckUtils]: 18: Hoare triple {294#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {294#true} is VALID [2022-02-20 17:59:10,235 INFO L290 TraceCheckUtils]: 19: Hoare triple {294#true} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:10,235 INFO L290 TraceCheckUtils]: 20: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:10,235 INFO L290 TraceCheckUtils]: 21: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:10,235 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {294#true} {294#true} #905#return; {294#true} is VALID [2022-02-20 17:59:10,235 INFO L290 TraceCheckUtils]: 23: Hoare triple {294#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {294#true} is VALID [2022-02-20 17:59:10,235 INFO L272 TraceCheckUtils]: 24: Hoare triple {294#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {294#true} is VALID [2022-02-20 17:59:10,235 INFO L290 TraceCheckUtils]: 25: Hoare triple {294#true} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:10,236 INFO L290 TraceCheckUtils]: 26: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:10,236 INFO L290 TraceCheckUtils]: 27: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:10,236 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {294#true} {294#true} #907#return; {294#true} is VALID [2022-02-20 17:59:10,236 INFO L290 TraceCheckUtils]: 29: Hoare triple {294#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {294#true} is VALID [2022-02-20 17:59:10,236 INFO L272 TraceCheckUtils]: 30: Hoare triple {294#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {294#true} is VALID [2022-02-20 17:59:10,236 INFO L290 TraceCheckUtils]: 31: Hoare triple {294#true} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:10,237 INFO L290 TraceCheckUtils]: 32: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:10,237 INFO L290 TraceCheckUtils]: 33: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:10,237 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {294#true} {294#true} #909#return; {294#true} is VALID [2022-02-20 17:59:10,237 INFO L290 TraceCheckUtils]: 35: Hoare triple {294#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {294#true} is VALID [2022-02-20 17:59:10,237 INFO L272 TraceCheckUtils]: 36: Hoare triple {294#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {294#true} is VALID [2022-02-20 17:59:10,237 INFO L290 TraceCheckUtils]: 37: Hoare triple {294#true} ~handle := #in~handle;~value := #in~value; {294#true} is VALID [2022-02-20 17:59:10,237 INFO L290 TraceCheckUtils]: 38: Hoare triple {294#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {294#true} is VALID [2022-02-20 17:59:10,238 INFO L290 TraceCheckUtils]: 39: Hoare triple {294#true} assume true; {294#true} is VALID [2022-02-20 17:59:10,238 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {294#true} {294#true} #911#return; {294#true} is VALID [2022-02-20 17:59:10,255 INFO L290 TraceCheckUtils]: 41: Hoare triple {294#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {294#true} is VALID [2022-02-20 17:59:10,255 INFO L290 TraceCheckUtils]: 42: Hoare triple {294#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {294#true} is VALID [2022-02-20 17:59:10,256 INFO L290 TraceCheckUtils]: 43: Hoare triple {294#true} assume false; {295#false} is VALID [2022-02-20 17:59:10,256 INFO L290 TraceCheckUtils]: 44: Hoare triple {295#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {295#false} is VALID [2022-02-20 17:59:10,256 INFO L272 TraceCheckUtils]: 45: Hoare triple {295#false} call sendEmail(~bob~0, ~rjh~0); {295#false} is VALID [2022-02-20 17:59:10,256 INFO L290 TraceCheckUtils]: 46: Hoare triple {295#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {295#false} is VALID [2022-02-20 17:59:10,256 INFO L272 TraceCheckUtils]: 47: Hoare triple {295#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {295#false} is VALID [2022-02-20 17:59:10,256 INFO L290 TraceCheckUtils]: 48: Hoare triple {295#false} ~handle := #in~handle;~value := #in~value; {295#false} is VALID [2022-02-20 17:59:10,256 INFO L290 TraceCheckUtils]: 49: Hoare triple {295#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {295#false} is VALID [2022-02-20 17:59:10,256 INFO L290 TraceCheckUtils]: 50: Hoare triple {295#false} assume true; {295#false} is VALID [2022-02-20 17:59:10,257 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {295#false} {295#false} #895#return; {295#false} is VALID [2022-02-20 17:59:10,257 INFO L272 TraceCheckUtils]: 52: Hoare triple {295#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {295#false} is VALID [2022-02-20 17:59:10,257 INFO L290 TraceCheckUtils]: 53: Hoare triple {295#false} ~handle := #in~handle;~value := #in~value; {295#false} is VALID [2022-02-20 17:59:10,257 INFO L290 TraceCheckUtils]: 54: Hoare triple {295#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {295#false} is VALID [2022-02-20 17:59:10,257 INFO L290 TraceCheckUtils]: 55: Hoare triple {295#false} assume true; {295#false} is VALID [2022-02-20 17:59:10,257 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {295#false} {295#false} #897#return; {295#false} is VALID [2022-02-20 17:59:10,257 INFO L290 TraceCheckUtils]: 57: Hoare triple {295#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {295#false} is VALID [2022-02-20 17:59:10,257 INFO L290 TraceCheckUtils]: 58: Hoare triple {295#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {295#false} is VALID [2022-02-20 17:59:10,257 INFO L272 TraceCheckUtils]: 59: Hoare triple {295#false} call outgoing(~sender#1, ~email~0#1); {295#false} is VALID [2022-02-20 17:59:10,257 INFO L290 TraceCheckUtils]: 60: Hoare triple {295#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {295#false} is VALID [2022-02-20 17:59:10,257 INFO L272 TraceCheckUtils]: 61: Hoare triple {295#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {295#false} is VALID [2022-02-20 17:59:10,258 INFO L290 TraceCheckUtils]: 62: Hoare triple {295#false} ~handle := #in~handle;havoc ~retValue_acc~9; {295#false} is VALID [2022-02-20 17:59:10,258 INFO L290 TraceCheckUtils]: 63: Hoare triple {295#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {295#false} is VALID [2022-02-20 17:59:10,258 INFO L290 TraceCheckUtils]: 64: Hoare triple {295#false} assume true; {295#false} is VALID [2022-02-20 17:59:10,258 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {295#false} {295#false} #865#return; {295#false} is VALID [2022-02-20 17:59:10,258 INFO L290 TraceCheckUtils]: 66: Hoare triple {295#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {295#false} is VALID [2022-02-20 17:59:10,258 INFO L290 TraceCheckUtils]: 67: Hoare triple {295#false} assume 0 == sign_~privkey~0#1; {295#false} is VALID [2022-02-20 17:59:10,258 INFO L290 TraceCheckUtils]: 68: Hoare triple {295#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {295#false} is VALID [2022-02-20 17:59:10,258 INFO L290 TraceCheckUtils]: 69: Hoare triple {295#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {295#false} is VALID [2022-02-20 17:59:10,258 INFO L290 TraceCheckUtils]: 70: Hoare triple {295#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {295#false} is VALID [2022-02-20 17:59:10,259 INFO L272 TraceCheckUtils]: 71: Hoare triple {295#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {295#false} is VALID [2022-02-20 17:59:10,259 INFO L290 TraceCheckUtils]: 72: Hoare triple {295#false} ~handle := #in~handle;~value := #in~value; {295#false} is VALID [2022-02-20 17:59:10,259 INFO L290 TraceCheckUtils]: 73: Hoare triple {295#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {295#false} is VALID [2022-02-20 17:59:10,259 INFO L290 TraceCheckUtils]: 74: Hoare triple {295#false} assume true; {295#false} is VALID [2022-02-20 17:59:10,259 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {295#false} {295#false} #867#return; {295#false} is VALID [2022-02-20 17:59:10,259 INFO L290 TraceCheckUtils]: 76: Hoare triple {295#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {295#false} is VALID [2022-02-20 17:59:10,259 INFO L272 TraceCheckUtils]: 77: Hoare triple {295#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {295#false} is VALID [2022-02-20 17:59:10,259 INFO L290 TraceCheckUtils]: 78: Hoare triple {295#false} ~handle := #in~handle;havoc ~retValue_acc~25; {295#false} is VALID [2022-02-20 17:59:10,259 INFO L290 TraceCheckUtils]: 79: Hoare triple {295#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {295#false} is VALID [2022-02-20 17:59:10,260 INFO L290 TraceCheckUtils]: 80: Hoare triple {295#false} assume true; {295#false} is VALID [2022-02-20 17:59:10,260 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {295#false} {295#false} #869#return; {295#false} is VALID [2022-02-20 17:59:10,260 INFO L290 TraceCheckUtils]: 82: Hoare triple {295#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {295#false} is VALID [2022-02-20 17:59:10,260 INFO L290 TraceCheckUtils]: 83: Hoare triple {295#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {295#false} is VALID [2022-02-20 17:59:10,260 INFO L272 TraceCheckUtils]: 84: Hoare triple {295#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {295#false} is VALID [2022-02-20 17:59:10,260 INFO L290 TraceCheckUtils]: 85: Hoare triple {295#false} ~handle := #in~handle;havoc ~retValue_acc~9; {295#false} is VALID [2022-02-20 17:59:10,260 INFO L290 TraceCheckUtils]: 86: Hoare triple {295#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {295#false} is VALID [2022-02-20 17:59:10,260 INFO L290 TraceCheckUtils]: 87: Hoare triple {295#false} assume true; {295#false} is VALID [2022-02-20 17:59:10,260 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {295#false} {295#false} #871#return; {295#false} is VALID [2022-02-20 17:59:10,260 INFO L290 TraceCheckUtils]: 89: Hoare triple {295#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {295#false} is VALID [2022-02-20 17:59:10,261 INFO L290 TraceCheckUtils]: 90: Hoare triple {295#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {295#false} is VALID [2022-02-20 17:59:10,261 INFO L290 TraceCheckUtils]: 91: Hoare triple {295#false} assume !false; {295#false} is VALID [2022-02-20 17:59:10,261 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:10,261 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:10,261 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [398696095] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:10,261 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:10,262 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:59:10,263 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [9767608] [2022-02-20 17:59:10,263 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:10,267 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 92 [2022-02-20 17:59:10,268 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:10,270 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:10,344 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:10,345 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:59:10,345 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:10,358 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:59:10,359 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:10,362 INFO L87 Difference]: Start difference. First operand has 291 states, 232 states have (on average 1.543103448275862) internal successors, (358), 234 states have internal predecessors, (358), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (40), 40 states have call predecessors, (40), 40 states have call successors, (40) Second operand has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:10,624 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:10,625 INFO L93 Difference]: Finished difference Result 428 states and 630 transitions. [2022-02-20 17:59:10,625 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:59:10,625 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 92 [2022-02-20 17:59:10,626 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:10,627 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:10,654 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 630 transitions. [2022-02-20 17:59:10,654 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:10,665 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 630 transitions. [2022-02-20 17:59:10,666 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 630 transitions. [2022-02-20 17:59:11,052 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 630 edges. 630 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:11,075 INFO L225 Difference]: With dead ends: 428 [2022-02-20 17:59:11,075 INFO L226 Difference]: Without dead ends: 284 [2022-02-20 17:59:11,082 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 119 GetRequests, 112 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:11,086 INFO L933 BasicCegarLoop]: 434 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 434 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:11,087 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 434 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:11,100 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 284 states. [2022-02-20 17:59:11,138 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 284 to 284. [2022-02-20 17:59:11,138 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:11,142 INFO L82 GeneralOperation]: Start isEquivalent. First operand 284 states. Second operand has 284 states, 226 states have (on average 1.5353982300884956) internal successors, (347), 227 states have internal predecessors, (347), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 17:59:11,143 INFO L74 IsIncluded]: Start isIncluded. First operand 284 states. Second operand has 284 states, 226 states have (on average 1.5353982300884956) internal successors, (347), 227 states have internal predecessors, (347), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 17:59:11,146 INFO L87 Difference]: Start difference. First operand 284 states. Second operand has 284 states, 226 states have (on average 1.5353982300884956) internal successors, (347), 227 states have internal predecessors, (347), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 17:59:11,163 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:11,164 INFO L93 Difference]: Finished difference Result 284 states and 426 transitions. [2022-02-20 17:59:11,168 INFO L276 IsEmpty]: Start isEmpty. Operand 284 states and 426 transitions. [2022-02-20 17:59:11,173 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:11,175 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:11,176 INFO L74 IsIncluded]: Start isIncluded. First operand has 284 states, 226 states have (on average 1.5353982300884956) internal successors, (347), 227 states have internal predecessors, (347), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) Second operand 284 states. [2022-02-20 17:59:11,178 INFO L87 Difference]: Start difference. First operand has 284 states, 226 states have (on average 1.5353982300884956) internal successors, (347), 227 states have internal predecessors, (347), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) Second operand 284 states. [2022-02-20 17:59:11,187 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:11,188 INFO L93 Difference]: Finished difference Result 284 states and 426 transitions. [2022-02-20 17:59:11,188 INFO L276 IsEmpty]: Start isEmpty. Operand 284 states and 426 transitions. [2022-02-20 17:59:11,189 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:11,189 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:11,189 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:11,190 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:11,192 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 284 states, 226 states have (on average 1.5353982300884956) internal successors, (347), 227 states have internal predecessors, (347), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 17:59:11,206 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 284 states to 284 states and 426 transitions. [2022-02-20 17:59:11,207 INFO L78 Accepts]: Start accepts. Automaton has 284 states and 426 transitions. Word has length 92 [2022-02-20 17:59:11,208 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:11,208 INFO L470 AbstractCegarLoop]: Abstraction has 284 states and 426 transitions. [2022-02-20 17:59:11,209 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:11,209 INFO L276 IsEmpty]: Start isEmpty. Operand 284 states and 426 transitions. [2022-02-20 17:59:11,213 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 94 [2022-02-20 17:59:11,213 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:11,214 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:11,232 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 17:59:11,432 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:59:11,433 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:11,433 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:11,433 INFO L85 PathProgramCache]: Analyzing trace with hash -2075349837, now seen corresponding path program 1 times [2022-02-20 17:59:11,433 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:11,434 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2059687244] [2022-02-20 17:59:11,434 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:11,434 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:11,463 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,505 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:11,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,512 INFO L290 TraceCheckUtils]: 0: Hoare triple {2237#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,512 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,512 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,512 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2186#true} #901#return; {2186#true} is VALID [2022-02-20 17:59:11,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:11,519 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,522 INFO L290 TraceCheckUtils]: 0: Hoare triple {2238#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,522 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,522 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,523 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2186#true} #903#return; {2186#true} is VALID [2022-02-20 17:59:11,523 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:11,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,538 INFO L290 TraceCheckUtils]: 0: Hoare triple {2237#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2239#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:11,538 INFO L290 TraceCheckUtils]: 1: Hoare triple {2239#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2240#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:11,542 INFO L290 TraceCheckUtils]: 2: Hoare triple {2240#(= |setClientId_#in~handle| 1)} assume true; {2240#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:11,543 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2240#(= |setClientId_#in~handle| 1)} {2196#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #905#return; {2187#false} is VALID [2022-02-20 17:59:11,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:11,545 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,549 INFO L290 TraceCheckUtils]: 0: Hoare triple {2238#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,549 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,549 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,549 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2187#false} #907#return; {2187#false} is VALID [2022-02-20 17:59:11,549 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:11,551 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,553 INFO L290 TraceCheckUtils]: 0: Hoare triple {2237#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,554 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,554 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,554 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2187#false} #909#return; {2187#false} is VALID [2022-02-20 17:59:11,555 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:11,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,560 INFO L290 TraceCheckUtils]: 0: Hoare triple {2238#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,563 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,565 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2187#false} #911#return; {2187#false} is VALID [2022-02-20 17:59:11,571 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:59:11,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {2241#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,575 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2187#false} #895#return; {2187#false} is VALID [2022-02-20 17:59:11,582 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:59:11,585 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,587 INFO L290 TraceCheckUtils]: 0: Hoare triple {2242#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,588 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,588 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,588 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2187#false} #897#return; {2187#false} is VALID [2022-02-20 17:59:11,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:59:11,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,594 INFO L290 TraceCheckUtils]: 0: Hoare triple {2186#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2186#true} is VALID [2022-02-20 17:59:11,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2186#true} is VALID [2022-02-20 17:59:11,595 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,595 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2187#false} #865#return; {2187#false} is VALID [2022-02-20 17:59:11,595 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:59:11,597 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {2241#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,600 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,600 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2187#false} #867#return; {2187#false} is VALID [2022-02-20 17:59:11,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:59:11,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {2186#true} ~handle := #in~handle;havoc ~retValue_acc~25; {2186#true} is VALID [2022-02-20 17:59:11,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {2186#true} is VALID [2022-02-20 17:59:11,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,604 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2187#false} #869#return; {2187#false} is VALID [2022-02-20 17:59:11,604 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:59:11,605 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,607 INFO L290 TraceCheckUtils]: 0: Hoare triple {2186#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2186#true} is VALID [2022-02-20 17:59:11,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2186#true} is VALID [2022-02-20 17:59:11,607 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,607 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2186#true} {2187#false} #871#return; {2187#false} is VALID [2022-02-20 17:59:11,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {2186#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {2186#true} is VALID [2022-02-20 17:59:11,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {2186#true} is VALID [2022-02-20 17:59:11,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2186#true} is VALID [2022-02-20 17:59:11,608 INFO L290 TraceCheckUtils]: 3: Hoare triple {2186#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {2186#true} is VALID [2022-02-20 17:59:11,608 INFO L290 TraceCheckUtils]: 4: Hoare triple {2186#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {2186#true} is VALID [2022-02-20 17:59:11,608 INFO L290 TraceCheckUtils]: 5: Hoare triple {2186#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2186#true} is VALID [2022-02-20 17:59:11,609 INFO L272 TraceCheckUtils]: 6: Hoare triple {2186#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2237#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:11,609 INFO L290 TraceCheckUtils]: 7: Hoare triple {2237#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,609 INFO L290 TraceCheckUtils]: 8: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,609 INFO L290 TraceCheckUtils]: 9: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,609 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2186#true} {2186#true} #901#return; {2186#true} is VALID [2022-02-20 17:59:11,610 INFO L290 TraceCheckUtils]: 11: Hoare triple {2186#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2186#true} is VALID [2022-02-20 17:59:11,610 INFO L272 TraceCheckUtils]: 12: Hoare triple {2186#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2238#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:11,610 INFO L290 TraceCheckUtils]: 13: Hoare triple {2238#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,612 INFO L290 TraceCheckUtils]: 14: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,612 INFO L290 TraceCheckUtils]: 15: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,612 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2186#true} {2186#true} #903#return; {2186#true} is VALID [2022-02-20 17:59:11,613 INFO L290 TraceCheckUtils]: 17: Hoare triple {2186#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2196#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:11,613 INFO L272 TraceCheckUtils]: 18: Hoare triple {2196#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2237#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:11,614 INFO L290 TraceCheckUtils]: 19: Hoare triple {2237#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2239#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:11,614 INFO L290 TraceCheckUtils]: 20: Hoare triple {2239#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2240#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:11,614 INFO L290 TraceCheckUtils]: 21: Hoare triple {2240#(= |setClientId_#in~handle| 1)} assume true; {2240#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:11,615 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2240#(= |setClientId_#in~handle| 1)} {2196#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #905#return; {2187#false} is VALID [2022-02-20 17:59:11,618 INFO L290 TraceCheckUtils]: 23: Hoare triple {2187#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2187#false} is VALID [2022-02-20 17:59:11,618 INFO L272 TraceCheckUtils]: 24: Hoare triple {2187#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2238#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:11,618 INFO L290 TraceCheckUtils]: 25: Hoare triple {2238#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,618 INFO L290 TraceCheckUtils]: 26: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,618 INFO L290 TraceCheckUtils]: 27: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,618 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2186#true} {2187#false} #907#return; {2187#false} is VALID [2022-02-20 17:59:11,618 INFO L290 TraceCheckUtils]: 29: Hoare triple {2187#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2187#false} is VALID [2022-02-20 17:59:11,618 INFO L272 TraceCheckUtils]: 30: Hoare triple {2187#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2237#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:11,619 INFO L290 TraceCheckUtils]: 31: Hoare triple {2237#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,619 INFO L290 TraceCheckUtils]: 32: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,619 INFO L290 TraceCheckUtils]: 33: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,619 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2186#true} {2187#false} #909#return; {2187#false} is VALID [2022-02-20 17:59:11,619 INFO L290 TraceCheckUtils]: 35: Hoare triple {2187#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2187#false} is VALID [2022-02-20 17:59:11,619 INFO L272 TraceCheckUtils]: 36: Hoare triple {2187#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2238#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:11,619 INFO L290 TraceCheckUtils]: 37: Hoare triple {2238#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,619 INFO L290 TraceCheckUtils]: 38: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,619 INFO L290 TraceCheckUtils]: 39: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,620 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2186#true} {2187#false} #911#return; {2187#false} is VALID [2022-02-20 17:59:11,620 INFO L290 TraceCheckUtils]: 41: Hoare triple {2187#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {2187#false} is VALID [2022-02-20 17:59:11,620 INFO L290 TraceCheckUtils]: 42: Hoare triple {2187#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2187#false} is VALID [2022-02-20 17:59:11,620 INFO L290 TraceCheckUtils]: 43: Hoare triple {2187#false} assume !false; {2187#false} is VALID [2022-02-20 17:59:11,620 INFO L290 TraceCheckUtils]: 44: Hoare triple {2187#false} assume !(test_~splverifierCounter~0#1 < 4); {2187#false} is VALID [2022-02-20 17:59:11,620 INFO L290 TraceCheckUtils]: 45: Hoare triple {2187#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {2187#false} is VALID [2022-02-20 17:59:11,620 INFO L272 TraceCheckUtils]: 46: Hoare triple {2187#false} call sendEmail(~bob~0, ~rjh~0); {2187#false} is VALID [2022-02-20 17:59:11,621 INFO L290 TraceCheckUtils]: 47: Hoare triple {2187#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2187#false} is VALID [2022-02-20 17:59:11,621 INFO L272 TraceCheckUtils]: 48: Hoare triple {2187#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2241#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:11,621 INFO L290 TraceCheckUtils]: 49: Hoare triple {2241#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,621 INFO L290 TraceCheckUtils]: 50: Hoare triple {2186#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,621 INFO L290 TraceCheckUtils]: 51: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,621 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2186#true} {2187#false} #895#return; {2187#false} is VALID [2022-02-20 17:59:11,621 INFO L272 TraceCheckUtils]: 53: Hoare triple {2187#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2242#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:11,621 INFO L290 TraceCheckUtils]: 54: Hoare triple {2242#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,621 INFO L290 TraceCheckUtils]: 55: Hoare triple {2186#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,622 INFO L290 TraceCheckUtils]: 56: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,622 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2186#true} {2187#false} #897#return; {2187#false} is VALID [2022-02-20 17:59:11,622 INFO L290 TraceCheckUtils]: 58: Hoare triple {2187#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {2187#false} is VALID [2022-02-20 17:59:11,622 INFO L290 TraceCheckUtils]: 59: Hoare triple {2187#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {2187#false} is VALID [2022-02-20 17:59:11,622 INFO L272 TraceCheckUtils]: 60: Hoare triple {2187#false} call outgoing(~sender#1, ~email~0#1); {2187#false} is VALID [2022-02-20 17:59:11,622 INFO L290 TraceCheckUtils]: 61: Hoare triple {2187#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {2187#false} is VALID [2022-02-20 17:59:11,622 INFO L272 TraceCheckUtils]: 62: Hoare triple {2187#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {2186#true} is VALID [2022-02-20 17:59:11,622 INFO L290 TraceCheckUtils]: 63: Hoare triple {2186#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2186#true} is VALID [2022-02-20 17:59:11,623 INFO L290 TraceCheckUtils]: 64: Hoare triple {2186#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2186#true} is VALID [2022-02-20 17:59:11,623 INFO L290 TraceCheckUtils]: 65: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,623 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2186#true} {2187#false} #865#return; {2187#false} is VALID [2022-02-20 17:59:11,623 INFO L290 TraceCheckUtils]: 67: Hoare triple {2187#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {2187#false} is VALID [2022-02-20 17:59:11,623 INFO L290 TraceCheckUtils]: 68: Hoare triple {2187#false} assume 0 == sign_~privkey~0#1; {2187#false} is VALID [2022-02-20 17:59:11,623 INFO L290 TraceCheckUtils]: 69: Hoare triple {2187#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2187#false} is VALID [2022-02-20 17:59:11,623 INFO L290 TraceCheckUtils]: 70: Hoare triple {2187#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2187#false} is VALID [2022-02-20 17:59:11,624 INFO L290 TraceCheckUtils]: 71: Hoare triple {2187#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {2187#false} is VALID [2022-02-20 17:59:11,624 INFO L272 TraceCheckUtils]: 72: Hoare triple {2187#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {2241#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:11,624 INFO L290 TraceCheckUtils]: 73: Hoare triple {2241#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:11,624 INFO L290 TraceCheckUtils]: 74: Hoare triple {2186#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:11,624 INFO L290 TraceCheckUtils]: 75: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,624 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {2186#true} {2187#false} #867#return; {2187#false} is VALID [2022-02-20 17:59:11,624 INFO L290 TraceCheckUtils]: 77: Hoare triple {2187#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {2187#false} is VALID [2022-02-20 17:59:11,625 INFO L272 TraceCheckUtils]: 78: Hoare triple {2187#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {2186#true} is VALID [2022-02-20 17:59:11,625 INFO L290 TraceCheckUtils]: 79: Hoare triple {2186#true} ~handle := #in~handle;havoc ~retValue_acc~25; {2186#true} is VALID [2022-02-20 17:59:11,625 INFO L290 TraceCheckUtils]: 80: Hoare triple {2186#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {2186#true} is VALID [2022-02-20 17:59:11,625 INFO L290 TraceCheckUtils]: 81: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,625 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {2186#true} {2187#false} #869#return; {2187#false} is VALID [2022-02-20 17:59:11,625 INFO L290 TraceCheckUtils]: 83: Hoare triple {2187#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {2187#false} is VALID [2022-02-20 17:59:11,625 INFO L290 TraceCheckUtils]: 84: Hoare triple {2187#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {2187#false} is VALID [2022-02-20 17:59:11,625 INFO L272 TraceCheckUtils]: 85: Hoare triple {2187#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {2186#true} is VALID [2022-02-20 17:59:11,625 INFO L290 TraceCheckUtils]: 86: Hoare triple {2186#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2186#true} is VALID [2022-02-20 17:59:11,626 INFO L290 TraceCheckUtils]: 87: Hoare triple {2186#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2186#true} is VALID [2022-02-20 17:59:11,626 INFO L290 TraceCheckUtils]: 88: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:11,626 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {2186#true} {2187#false} #871#return; {2187#false} is VALID [2022-02-20 17:59:11,627 INFO L290 TraceCheckUtils]: 90: Hoare triple {2187#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {2187#false} is VALID [2022-02-20 17:59:11,627 INFO L290 TraceCheckUtils]: 91: Hoare triple {2187#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {2187#false} is VALID [2022-02-20 17:59:11,627 INFO L290 TraceCheckUtils]: 92: Hoare triple {2187#false} assume !false; {2187#false} is VALID [2022-02-20 17:59:11,627 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 17:59:11,628 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:11,628 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2059687244] [2022-02-20 17:59:11,628 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2059687244] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:11,628 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [211743306] [2022-02-20 17:59:11,628 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:11,628 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:11,628 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:11,629 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:11,630 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:59:11,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,818 INFO L263 TraceCheckSpWp]: Trace formula consists of 964 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:59:11,874 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:11,876 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:12,060 INFO L290 TraceCheckUtils]: 0: Hoare triple {2186#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {2186#true} is VALID [2022-02-20 17:59:12,060 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {2186#true} is VALID [2022-02-20 17:59:12,060 INFO L290 TraceCheckUtils]: 2: Hoare triple {2186#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2186#true} is VALID [2022-02-20 17:59:12,060 INFO L290 TraceCheckUtils]: 3: Hoare triple {2186#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {2186#true} is VALID [2022-02-20 17:59:12,061 INFO L290 TraceCheckUtils]: 4: Hoare triple {2186#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {2186#true} is VALID [2022-02-20 17:59:12,061 INFO L290 TraceCheckUtils]: 5: Hoare triple {2186#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2186#true} is VALID [2022-02-20 17:59:12,061 INFO L272 TraceCheckUtils]: 6: Hoare triple {2186#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2186#true} is VALID [2022-02-20 17:59:12,061 INFO L290 TraceCheckUtils]: 7: Hoare triple {2186#true} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:12,061 INFO L290 TraceCheckUtils]: 8: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:12,061 INFO L290 TraceCheckUtils]: 9: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:12,061 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2186#true} {2186#true} #901#return; {2186#true} is VALID [2022-02-20 17:59:12,062 INFO L290 TraceCheckUtils]: 11: Hoare triple {2186#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2186#true} is VALID [2022-02-20 17:59:12,062 INFO L272 TraceCheckUtils]: 12: Hoare triple {2186#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2186#true} is VALID [2022-02-20 17:59:12,062 INFO L290 TraceCheckUtils]: 13: Hoare triple {2186#true} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:12,062 INFO L290 TraceCheckUtils]: 14: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:12,062 INFO L290 TraceCheckUtils]: 15: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:12,062 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2186#true} {2186#true} #903#return; {2186#true} is VALID [2022-02-20 17:59:12,062 INFO L290 TraceCheckUtils]: 17: Hoare triple {2186#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2186#true} is VALID [2022-02-20 17:59:12,062 INFO L272 TraceCheckUtils]: 18: Hoare triple {2186#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2186#true} is VALID [2022-02-20 17:59:12,063 INFO L290 TraceCheckUtils]: 19: Hoare triple {2186#true} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:12,063 INFO L290 TraceCheckUtils]: 20: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:12,063 INFO L290 TraceCheckUtils]: 21: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:12,063 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2186#true} {2186#true} #905#return; {2186#true} is VALID [2022-02-20 17:59:12,063 INFO L290 TraceCheckUtils]: 23: Hoare triple {2186#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2186#true} is VALID [2022-02-20 17:59:12,063 INFO L272 TraceCheckUtils]: 24: Hoare triple {2186#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2186#true} is VALID [2022-02-20 17:59:12,063 INFO L290 TraceCheckUtils]: 25: Hoare triple {2186#true} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:12,064 INFO L290 TraceCheckUtils]: 26: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:12,064 INFO L290 TraceCheckUtils]: 27: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:12,064 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2186#true} {2186#true} #907#return; {2186#true} is VALID [2022-02-20 17:59:12,064 INFO L290 TraceCheckUtils]: 29: Hoare triple {2186#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2186#true} is VALID [2022-02-20 17:59:12,064 INFO L272 TraceCheckUtils]: 30: Hoare triple {2186#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2186#true} is VALID [2022-02-20 17:59:12,064 INFO L290 TraceCheckUtils]: 31: Hoare triple {2186#true} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:12,064 INFO L290 TraceCheckUtils]: 32: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:12,065 INFO L290 TraceCheckUtils]: 33: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:12,065 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2186#true} {2186#true} #909#return; {2186#true} is VALID [2022-02-20 17:59:12,065 INFO L290 TraceCheckUtils]: 35: Hoare triple {2186#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2186#true} is VALID [2022-02-20 17:59:12,065 INFO L272 TraceCheckUtils]: 36: Hoare triple {2186#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2186#true} is VALID [2022-02-20 17:59:12,065 INFO L290 TraceCheckUtils]: 37: Hoare triple {2186#true} ~handle := #in~handle;~value := #in~value; {2186#true} is VALID [2022-02-20 17:59:12,065 INFO L290 TraceCheckUtils]: 38: Hoare triple {2186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2186#true} is VALID [2022-02-20 17:59:12,065 INFO L290 TraceCheckUtils]: 39: Hoare triple {2186#true} assume true; {2186#true} is VALID [2022-02-20 17:59:12,065 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2186#true} {2186#true} #911#return; {2186#true} is VALID [2022-02-20 17:59:12,066 INFO L290 TraceCheckUtils]: 41: Hoare triple {2186#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {2186#true} is VALID [2022-02-20 17:59:12,066 INFO L290 TraceCheckUtils]: 42: Hoare triple {2186#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2372#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:12,067 INFO L290 TraceCheckUtils]: 43: Hoare triple {2372#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2372#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:12,067 INFO L290 TraceCheckUtils]: 44: Hoare triple {2372#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2187#false} is VALID [2022-02-20 17:59:12,067 INFO L290 TraceCheckUtils]: 45: Hoare triple {2187#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {2187#false} is VALID [2022-02-20 17:59:12,067 INFO L272 TraceCheckUtils]: 46: Hoare triple {2187#false} call sendEmail(~bob~0, ~rjh~0); {2187#false} is VALID [2022-02-20 17:59:12,067 INFO L290 TraceCheckUtils]: 47: Hoare triple {2187#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2187#false} is VALID [2022-02-20 17:59:12,067 INFO L272 TraceCheckUtils]: 48: Hoare triple {2187#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2187#false} is VALID [2022-02-20 17:59:12,068 INFO L290 TraceCheckUtils]: 49: Hoare triple {2187#false} ~handle := #in~handle;~value := #in~value; {2187#false} is VALID [2022-02-20 17:59:12,068 INFO L290 TraceCheckUtils]: 50: Hoare triple {2187#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2187#false} is VALID [2022-02-20 17:59:12,068 INFO L290 TraceCheckUtils]: 51: Hoare triple {2187#false} assume true; {2187#false} is VALID [2022-02-20 17:59:12,068 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2187#false} {2187#false} #895#return; {2187#false} is VALID [2022-02-20 17:59:12,068 INFO L272 TraceCheckUtils]: 53: Hoare triple {2187#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2187#false} is VALID [2022-02-20 17:59:12,068 INFO L290 TraceCheckUtils]: 54: Hoare triple {2187#false} ~handle := #in~handle;~value := #in~value; {2187#false} is VALID [2022-02-20 17:59:12,068 INFO L290 TraceCheckUtils]: 55: Hoare triple {2187#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2187#false} is VALID [2022-02-20 17:59:12,069 INFO L290 TraceCheckUtils]: 56: Hoare triple {2187#false} assume true; {2187#false} is VALID [2022-02-20 17:59:12,069 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2187#false} {2187#false} #897#return; {2187#false} is VALID [2022-02-20 17:59:12,069 INFO L290 TraceCheckUtils]: 58: Hoare triple {2187#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {2187#false} is VALID [2022-02-20 17:59:12,069 INFO L290 TraceCheckUtils]: 59: Hoare triple {2187#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {2187#false} is VALID [2022-02-20 17:59:12,069 INFO L272 TraceCheckUtils]: 60: Hoare triple {2187#false} call outgoing(~sender#1, ~email~0#1); {2187#false} is VALID [2022-02-20 17:59:12,069 INFO L290 TraceCheckUtils]: 61: Hoare triple {2187#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {2187#false} is VALID [2022-02-20 17:59:12,069 INFO L272 TraceCheckUtils]: 62: Hoare triple {2187#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {2187#false} is VALID [2022-02-20 17:59:12,069 INFO L290 TraceCheckUtils]: 63: Hoare triple {2187#false} ~handle := #in~handle;havoc ~retValue_acc~9; {2187#false} is VALID [2022-02-20 17:59:12,070 INFO L290 TraceCheckUtils]: 64: Hoare triple {2187#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2187#false} is VALID [2022-02-20 17:59:12,070 INFO L290 TraceCheckUtils]: 65: Hoare triple {2187#false} assume true; {2187#false} is VALID [2022-02-20 17:59:12,070 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2187#false} {2187#false} #865#return; {2187#false} is VALID [2022-02-20 17:59:12,070 INFO L290 TraceCheckUtils]: 67: Hoare triple {2187#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {2187#false} is VALID [2022-02-20 17:59:12,070 INFO L290 TraceCheckUtils]: 68: Hoare triple {2187#false} assume 0 == sign_~privkey~0#1; {2187#false} is VALID [2022-02-20 17:59:12,070 INFO L290 TraceCheckUtils]: 69: Hoare triple {2187#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2187#false} is VALID [2022-02-20 17:59:12,070 INFO L290 TraceCheckUtils]: 70: Hoare triple {2187#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2187#false} is VALID [2022-02-20 17:59:12,070 INFO L290 TraceCheckUtils]: 71: Hoare triple {2187#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {2187#false} is VALID [2022-02-20 17:59:12,071 INFO L272 TraceCheckUtils]: 72: Hoare triple {2187#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {2187#false} is VALID [2022-02-20 17:59:12,071 INFO L290 TraceCheckUtils]: 73: Hoare triple {2187#false} ~handle := #in~handle;~value := #in~value; {2187#false} is VALID [2022-02-20 17:59:12,071 INFO L290 TraceCheckUtils]: 74: Hoare triple {2187#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2187#false} is VALID [2022-02-20 17:59:12,071 INFO L290 TraceCheckUtils]: 75: Hoare triple {2187#false} assume true; {2187#false} is VALID [2022-02-20 17:59:12,071 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {2187#false} {2187#false} #867#return; {2187#false} is VALID [2022-02-20 17:59:12,071 INFO L290 TraceCheckUtils]: 77: Hoare triple {2187#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {2187#false} is VALID [2022-02-20 17:59:12,071 INFO L272 TraceCheckUtils]: 78: Hoare triple {2187#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {2187#false} is VALID [2022-02-20 17:59:12,072 INFO L290 TraceCheckUtils]: 79: Hoare triple {2187#false} ~handle := #in~handle;havoc ~retValue_acc~25; {2187#false} is VALID [2022-02-20 17:59:12,072 INFO L290 TraceCheckUtils]: 80: Hoare triple {2187#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {2187#false} is VALID [2022-02-20 17:59:12,072 INFO L290 TraceCheckUtils]: 81: Hoare triple {2187#false} assume true; {2187#false} is VALID [2022-02-20 17:59:12,072 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {2187#false} {2187#false} #869#return; {2187#false} is VALID [2022-02-20 17:59:12,072 INFO L290 TraceCheckUtils]: 83: Hoare triple {2187#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {2187#false} is VALID [2022-02-20 17:59:12,072 INFO L290 TraceCheckUtils]: 84: Hoare triple {2187#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {2187#false} is VALID [2022-02-20 17:59:12,072 INFO L272 TraceCheckUtils]: 85: Hoare triple {2187#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {2187#false} is VALID [2022-02-20 17:59:12,072 INFO L290 TraceCheckUtils]: 86: Hoare triple {2187#false} ~handle := #in~handle;havoc ~retValue_acc~9; {2187#false} is VALID [2022-02-20 17:59:12,073 INFO L290 TraceCheckUtils]: 87: Hoare triple {2187#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2187#false} is VALID [2022-02-20 17:59:12,073 INFO L290 TraceCheckUtils]: 88: Hoare triple {2187#false} assume true; {2187#false} is VALID [2022-02-20 17:59:12,073 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {2187#false} {2187#false} #871#return; {2187#false} is VALID [2022-02-20 17:59:12,073 INFO L290 TraceCheckUtils]: 90: Hoare triple {2187#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {2187#false} is VALID [2022-02-20 17:59:12,073 INFO L290 TraceCheckUtils]: 91: Hoare triple {2187#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {2187#false} is VALID [2022-02-20 17:59:12,073 INFO L290 TraceCheckUtils]: 92: Hoare triple {2187#false} assume !false; {2187#false} is VALID [2022-02-20 17:59:12,074 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:12,074 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:12,074 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [211743306] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:12,074 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:12,074 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:59:12,074 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1783458559] [2022-02-20 17:59:12,075 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:12,076 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 93 [2022-02-20 17:59:12,076 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:12,076 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:12,131 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 75 edges. 75 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:12,132 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:12,132 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:12,132 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:12,133 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:12,133 INFO L87 Difference]: Start difference. First operand 284 states and 426 transitions. Second operand has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:12,460 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:12,461 INFO L93 Difference]: Finished difference Result 418 states and 611 transitions. [2022-02-20 17:59:12,461 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:12,461 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 93 [2022-02-20 17:59:12,461 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:12,462 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:12,467 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 611 transitions. [2022-02-20 17:59:12,467 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:12,472 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 611 transitions. [2022-02-20 17:59:12,473 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 611 transitions. [2022-02-20 17:59:12,825 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 611 edges. 611 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:12,831 INFO L225 Difference]: With dead ends: 418 [2022-02-20 17:59:12,831 INFO L226 Difference]: Without dead ends: 287 [2022-02-20 17:59:12,832 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 120 GetRequests, 112 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:12,833 INFO L933 BasicCegarLoop]: 424 mSDtfsCounter, 1 mSDsluCounter, 422 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 846 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:12,833 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 846 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:12,834 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 287 states. [2022-02-20 17:59:12,840 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 287 to 286. [2022-02-20 17:59:12,840 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:12,841 INFO L82 GeneralOperation]: Start isEquivalent. First operand 287 states. Second operand has 286 states, 228 states have (on average 1.530701754385965) internal successors, (349), 229 states have internal predecessors, (349), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 17:59:12,841 INFO L74 IsIncluded]: Start isIncluded. First operand 287 states. Second operand has 286 states, 228 states have (on average 1.530701754385965) internal successors, (349), 229 states have internal predecessors, (349), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 17:59:12,842 INFO L87 Difference]: Start difference. First operand 287 states. Second operand has 286 states, 228 states have (on average 1.530701754385965) internal successors, (349), 229 states have internal predecessors, (349), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 17:59:12,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:12,849 INFO L93 Difference]: Finished difference Result 287 states and 429 transitions. [2022-02-20 17:59:12,849 INFO L276 IsEmpty]: Start isEmpty. Operand 287 states and 429 transitions. [2022-02-20 17:59:12,850 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:12,850 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:12,851 INFO L74 IsIncluded]: Start isIncluded. First operand has 286 states, 228 states have (on average 1.530701754385965) internal successors, (349), 229 states have internal predecessors, (349), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) Second operand 287 states. [2022-02-20 17:59:12,851 INFO L87 Difference]: Start difference. First operand has 286 states, 228 states have (on average 1.530701754385965) internal successors, (349), 229 states have internal predecessors, (349), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) Second operand 287 states. [2022-02-20 17:59:12,858 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:12,859 INFO L93 Difference]: Finished difference Result 287 states and 429 transitions. [2022-02-20 17:59:12,859 INFO L276 IsEmpty]: Start isEmpty. Operand 287 states and 429 transitions. [2022-02-20 17:59:12,859 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:12,860 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:12,860 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:12,860 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:12,860 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 286 states, 228 states have (on average 1.530701754385965) internal successors, (349), 229 states have internal predecessors, (349), 40 states have call successors, (40), 17 states have call predecessors, (40), 17 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 17:59:12,868 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 286 states to 286 states and 428 transitions. [2022-02-20 17:59:12,868 INFO L78 Accepts]: Start accepts. Automaton has 286 states and 428 transitions. Word has length 93 [2022-02-20 17:59:12,868 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:12,868 INFO L470 AbstractCegarLoop]: Abstraction has 286 states and 428 transitions. [2022-02-20 17:59:12,869 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:12,869 INFO L276 IsEmpty]: Start isEmpty. Operand 286 states and 428 transitions. [2022-02-20 17:59:12,870 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2022-02-20 17:59:12,870 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:12,870 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:12,889 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:13,086 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:59:13,086 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:13,087 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:13,087 INFO L85 PathProgramCache]: Analyzing trace with hash 1689423486, now seen corresponding path program 1 times [2022-02-20 17:59:13,087 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:13,087 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [868592006] [2022-02-20 17:59:13,087 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:13,087 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:13,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,134 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:13,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {4126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,138 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,138 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4075#true} #901#return; {4075#true} is VALID [2022-02-20 17:59:13,143 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:13,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {4127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,147 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,147 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4075#true} #903#return; {4075#true} is VALID [2022-02-20 17:59:13,147 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:13,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,159 INFO L290 TraceCheckUtils]: 0: Hoare triple {4126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4128#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:13,160 INFO L290 TraceCheckUtils]: 1: Hoare triple {4128#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4129#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:13,160 INFO L290 TraceCheckUtils]: 2: Hoare triple {4129#(= |setClientId_#in~handle| 1)} assume true; {4129#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:13,161 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4129#(= |setClientId_#in~handle| 1)} {4085#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #905#return; {4076#false} is VALID [2022-02-20 17:59:13,161 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:13,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,168 INFO L290 TraceCheckUtils]: 0: Hoare triple {4127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,168 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4076#false} #907#return; {4076#false} is VALID [2022-02-20 17:59:13,168 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:13,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,172 INFO L290 TraceCheckUtils]: 0: Hoare triple {4126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,172 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,172 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,172 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4076#false} #909#return; {4076#false} is VALID [2022-02-20 17:59:13,172 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:13,174 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,176 INFO L290 TraceCheckUtils]: 0: Hoare triple {4127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,176 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,176 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,176 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4076#false} #911#return; {4076#false} is VALID [2022-02-20 17:59:13,185 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:59:13,186 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {4130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,188 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,189 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4076#false} #895#return; {4076#false} is VALID [2022-02-20 17:59:13,195 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:59:13,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,199 INFO L290 TraceCheckUtils]: 0: Hoare triple {4131#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,200 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,200 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4076#false} #897#return; {4076#false} is VALID [2022-02-20 17:59:13,200 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:59:13,201 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,202 INFO L290 TraceCheckUtils]: 0: Hoare triple {4075#true} ~handle := #in~handle;havoc ~retValue_acc~9; {4075#true} is VALID [2022-02-20 17:59:13,203 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4075#true} is VALID [2022-02-20 17:59:13,203 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,203 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4076#false} #865#return; {4076#false} is VALID [2022-02-20 17:59:13,203 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:59:13,204 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,206 INFO L290 TraceCheckUtils]: 0: Hoare triple {4130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,206 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,206 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,206 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4076#false} #867#return; {4076#false} is VALID [2022-02-20 17:59:13,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:59:13,207 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {4075#true} ~handle := #in~handle;havoc ~retValue_acc~25; {4075#true} is VALID [2022-02-20 17:59:13,209 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {4075#true} is VALID [2022-02-20 17:59:13,209 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,209 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4076#false} #869#return; {4076#false} is VALID [2022-02-20 17:59:13,209 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:59:13,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {4075#true} ~handle := #in~handle;havoc ~retValue_acc~9; {4075#true} is VALID [2022-02-20 17:59:13,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4075#true} is VALID [2022-02-20 17:59:13,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,212 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4075#true} {4076#false} #871#return; {4076#false} is VALID [2022-02-20 17:59:13,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {4075#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4075#true} is VALID [2022-02-20 17:59:13,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {4075#true} is VALID [2022-02-20 17:59:13,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4075#true} is VALID [2022-02-20 17:59:13,213 INFO L290 TraceCheckUtils]: 3: Hoare triple {4075#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {4075#true} is VALID [2022-02-20 17:59:13,213 INFO L290 TraceCheckUtils]: 4: Hoare triple {4075#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {4075#true} is VALID [2022-02-20 17:59:13,213 INFO L290 TraceCheckUtils]: 5: Hoare triple {4075#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4075#true} is VALID [2022-02-20 17:59:13,213 INFO L272 TraceCheckUtils]: 6: Hoare triple {4075#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:13,214 INFO L290 TraceCheckUtils]: 7: Hoare triple {4126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,214 INFO L290 TraceCheckUtils]: 8: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,214 INFO L290 TraceCheckUtils]: 9: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,214 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4075#true} {4075#true} #901#return; {4075#true} is VALID [2022-02-20 17:59:13,214 INFO L290 TraceCheckUtils]: 11: Hoare triple {4075#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4075#true} is VALID [2022-02-20 17:59:13,215 INFO L272 TraceCheckUtils]: 12: Hoare triple {4075#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:13,215 INFO L290 TraceCheckUtils]: 13: Hoare triple {4127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,215 INFO L290 TraceCheckUtils]: 14: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,215 INFO L290 TraceCheckUtils]: 15: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,215 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4075#true} {4075#true} #903#return; {4075#true} is VALID [2022-02-20 17:59:13,216 INFO L290 TraceCheckUtils]: 17: Hoare triple {4075#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4085#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:13,216 INFO L272 TraceCheckUtils]: 18: Hoare triple {4085#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:13,216 INFO L290 TraceCheckUtils]: 19: Hoare triple {4126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4128#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:13,217 INFO L290 TraceCheckUtils]: 20: Hoare triple {4128#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4129#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:13,217 INFO L290 TraceCheckUtils]: 21: Hoare triple {4129#(= |setClientId_#in~handle| 1)} assume true; {4129#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:13,218 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4129#(= |setClientId_#in~handle| 1)} {4085#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #905#return; {4076#false} is VALID [2022-02-20 17:59:13,218 INFO L290 TraceCheckUtils]: 23: Hoare triple {4076#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4076#false} is VALID [2022-02-20 17:59:13,218 INFO L272 TraceCheckUtils]: 24: Hoare triple {4076#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:13,218 INFO L290 TraceCheckUtils]: 25: Hoare triple {4127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,218 INFO L290 TraceCheckUtils]: 26: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,218 INFO L290 TraceCheckUtils]: 27: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,218 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4075#true} {4076#false} #907#return; {4076#false} is VALID [2022-02-20 17:59:13,218 INFO L290 TraceCheckUtils]: 29: Hoare triple {4076#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4076#false} is VALID [2022-02-20 17:59:13,218 INFO L272 TraceCheckUtils]: 30: Hoare triple {4076#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:13,218 INFO L290 TraceCheckUtils]: 31: Hoare triple {4126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,219 INFO L290 TraceCheckUtils]: 32: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,219 INFO L290 TraceCheckUtils]: 33: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,219 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4075#true} {4076#false} #909#return; {4076#false} is VALID [2022-02-20 17:59:13,219 INFO L290 TraceCheckUtils]: 35: Hoare triple {4076#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4076#false} is VALID [2022-02-20 17:59:13,219 INFO L272 TraceCheckUtils]: 36: Hoare triple {4076#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:13,219 INFO L290 TraceCheckUtils]: 37: Hoare triple {4127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,219 INFO L290 TraceCheckUtils]: 38: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,219 INFO L290 TraceCheckUtils]: 39: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,219 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4075#true} {4076#false} #911#return; {4076#false} is VALID [2022-02-20 17:59:13,220 INFO L290 TraceCheckUtils]: 41: Hoare triple {4076#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {4076#false} is VALID [2022-02-20 17:59:13,220 INFO L290 TraceCheckUtils]: 42: Hoare triple {4076#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4076#false} is VALID [2022-02-20 17:59:13,220 INFO L290 TraceCheckUtils]: 43: Hoare triple {4076#false} assume !false; {4076#false} is VALID [2022-02-20 17:59:13,220 INFO L290 TraceCheckUtils]: 44: Hoare triple {4076#false} assume test_~splverifierCounter~0#1 < 4; {4076#false} is VALID [2022-02-20 17:59:13,220 INFO L290 TraceCheckUtils]: 45: Hoare triple {4076#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4076#false} is VALID [2022-02-20 17:59:13,220 INFO L290 TraceCheckUtils]: 46: Hoare triple {4076#false} assume !(0 == test_~op1~0#1); {4076#false} is VALID [2022-02-20 17:59:13,220 INFO L290 TraceCheckUtils]: 47: Hoare triple {4076#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {4076#false} is VALID [2022-02-20 17:59:13,220 INFO L290 TraceCheckUtils]: 48: Hoare triple {4076#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4076#false} is VALID [2022-02-20 17:59:13,221 INFO L290 TraceCheckUtils]: 49: Hoare triple {4076#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4076#false} is VALID [2022-02-20 17:59:13,221 INFO L290 TraceCheckUtils]: 50: Hoare triple {4076#false} assume { :end_inline_setClientAutoResponse } true; {4076#false} is VALID [2022-02-20 17:59:13,221 INFO L290 TraceCheckUtils]: 51: Hoare triple {4076#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4076#false} is VALID [2022-02-20 17:59:13,221 INFO L290 TraceCheckUtils]: 52: Hoare triple {4076#false} assume !false; {4076#false} is VALID [2022-02-20 17:59:13,221 INFO L290 TraceCheckUtils]: 53: Hoare triple {4076#false} assume !(test_~splverifierCounter~0#1 < 4); {4076#false} is VALID [2022-02-20 17:59:13,221 INFO L290 TraceCheckUtils]: 54: Hoare triple {4076#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {4076#false} is VALID [2022-02-20 17:59:13,221 INFO L272 TraceCheckUtils]: 55: Hoare triple {4076#false} call sendEmail(~bob~0, ~rjh~0); {4076#false} is VALID [2022-02-20 17:59:13,221 INFO L290 TraceCheckUtils]: 56: Hoare triple {4076#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4076#false} is VALID [2022-02-20 17:59:13,221 INFO L272 TraceCheckUtils]: 57: Hoare triple {4076#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:13,222 INFO L290 TraceCheckUtils]: 58: Hoare triple {4130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,222 INFO L290 TraceCheckUtils]: 59: Hoare triple {4075#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,222 INFO L290 TraceCheckUtils]: 60: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,222 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {4075#true} {4076#false} #895#return; {4076#false} is VALID [2022-02-20 17:59:13,222 INFO L272 TraceCheckUtils]: 62: Hoare triple {4076#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4131#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:13,222 INFO L290 TraceCheckUtils]: 63: Hoare triple {4131#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,222 INFO L290 TraceCheckUtils]: 64: Hoare triple {4075#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,222 INFO L290 TraceCheckUtils]: 65: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,222 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {4075#true} {4076#false} #897#return; {4076#false} is VALID [2022-02-20 17:59:13,223 INFO L290 TraceCheckUtils]: 67: Hoare triple {4076#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {4076#false} is VALID [2022-02-20 17:59:13,223 INFO L290 TraceCheckUtils]: 68: Hoare triple {4076#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {4076#false} is VALID [2022-02-20 17:59:13,223 INFO L272 TraceCheckUtils]: 69: Hoare triple {4076#false} call outgoing(~sender#1, ~email~0#1); {4076#false} is VALID [2022-02-20 17:59:13,223 INFO L290 TraceCheckUtils]: 70: Hoare triple {4076#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {4076#false} is VALID [2022-02-20 17:59:13,223 INFO L272 TraceCheckUtils]: 71: Hoare triple {4076#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {4075#true} is VALID [2022-02-20 17:59:13,223 INFO L290 TraceCheckUtils]: 72: Hoare triple {4075#true} ~handle := #in~handle;havoc ~retValue_acc~9; {4075#true} is VALID [2022-02-20 17:59:13,223 INFO L290 TraceCheckUtils]: 73: Hoare triple {4075#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4075#true} is VALID [2022-02-20 17:59:13,223 INFO L290 TraceCheckUtils]: 74: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,223 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {4075#true} {4076#false} #865#return; {4076#false} is VALID [2022-02-20 17:59:13,223 INFO L290 TraceCheckUtils]: 76: Hoare triple {4076#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {4076#false} is VALID [2022-02-20 17:59:13,224 INFO L290 TraceCheckUtils]: 77: Hoare triple {4076#false} assume 0 == sign_~privkey~0#1; {4076#false} is VALID [2022-02-20 17:59:13,224 INFO L290 TraceCheckUtils]: 78: Hoare triple {4076#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {4076#false} is VALID [2022-02-20 17:59:13,224 INFO L290 TraceCheckUtils]: 79: Hoare triple {4076#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {4076#false} is VALID [2022-02-20 17:59:13,224 INFO L290 TraceCheckUtils]: 80: Hoare triple {4076#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {4076#false} is VALID [2022-02-20 17:59:13,224 INFO L272 TraceCheckUtils]: 81: Hoare triple {4076#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {4130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:13,224 INFO L290 TraceCheckUtils]: 82: Hoare triple {4130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,224 INFO L290 TraceCheckUtils]: 83: Hoare triple {4075#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,224 INFO L290 TraceCheckUtils]: 84: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,224 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {4075#true} {4076#false} #867#return; {4076#false} is VALID [2022-02-20 17:59:13,225 INFO L290 TraceCheckUtils]: 86: Hoare triple {4076#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {4076#false} is VALID [2022-02-20 17:59:13,225 INFO L272 TraceCheckUtils]: 87: Hoare triple {4076#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {4075#true} is VALID [2022-02-20 17:59:13,225 INFO L290 TraceCheckUtils]: 88: Hoare triple {4075#true} ~handle := #in~handle;havoc ~retValue_acc~25; {4075#true} is VALID [2022-02-20 17:59:13,225 INFO L290 TraceCheckUtils]: 89: Hoare triple {4075#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {4075#true} is VALID [2022-02-20 17:59:13,225 INFO L290 TraceCheckUtils]: 90: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,225 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {4075#true} {4076#false} #869#return; {4076#false} is VALID [2022-02-20 17:59:13,225 INFO L290 TraceCheckUtils]: 92: Hoare triple {4076#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {4076#false} is VALID [2022-02-20 17:59:13,225 INFO L290 TraceCheckUtils]: 93: Hoare triple {4076#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {4076#false} is VALID [2022-02-20 17:59:13,225 INFO L272 TraceCheckUtils]: 94: Hoare triple {4076#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {4075#true} is VALID [2022-02-20 17:59:13,226 INFO L290 TraceCheckUtils]: 95: Hoare triple {4075#true} ~handle := #in~handle;havoc ~retValue_acc~9; {4075#true} is VALID [2022-02-20 17:59:13,226 INFO L290 TraceCheckUtils]: 96: Hoare triple {4075#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4075#true} is VALID [2022-02-20 17:59:13,226 INFO L290 TraceCheckUtils]: 97: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,226 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {4075#true} {4076#false} #871#return; {4076#false} is VALID [2022-02-20 17:59:13,226 INFO L290 TraceCheckUtils]: 99: Hoare triple {4076#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {4076#false} is VALID [2022-02-20 17:59:13,226 INFO L290 TraceCheckUtils]: 100: Hoare triple {4076#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {4076#false} is VALID [2022-02-20 17:59:13,226 INFO L290 TraceCheckUtils]: 101: Hoare triple {4076#false} assume !false; {4076#false} is VALID [2022-02-20 17:59:13,226 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:13,227 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:13,227 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [868592006] [2022-02-20 17:59:13,227 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [868592006] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:13,227 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1980408317] [2022-02-20 17:59:13,227 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:13,227 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:13,227 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:13,228 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:13,257 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:59:13,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,421 INFO L263 TraceCheckSpWp]: Trace formula consists of 991 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:59:13,456 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:13,458 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:13,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {4075#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4075#true} is VALID [2022-02-20 17:59:13,624 INFO L290 TraceCheckUtils]: 1: Hoare triple {4075#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {4075#true} is VALID [2022-02-20 17:59:13,625 INFO L290 TraceCheckUtils]: 2: Hoare triple {4075#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4075#true} is VALID [2022-02-20 17:59:13,625 INFO L290 TraceCheckUtils]: 3: Hoare triple {4075#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {4075#true} is VALID [2022-02-20 17:59:13,625 INFO L290 TraceCheckUtils]: 4: Hoare triple {4075#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {4075#true} is VALID [2022-02-20 17:59:13,625 INFO L290 TraceCheckUtils]: 5: Hoare triple {4075#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4075#true} is VALID [2022-02-20 17:59:13,625 INFO L272 TraceCheckUtils]: 6: Hoare triple {4075#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4075#true} is VALID [2022-02-20 17:59:13,625 INFO L290 TraceCheckUtils]: 7: Hoare triple {4075#true} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,625 INFO L290 TraceCheckUtils]: 8: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,625 INFO L290 TraceCheckUtils]: 9: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,625 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4075#true} {4075#true} #901#return; {4075#true} is VALID [2022-02-20 17:59:13,626 INFO L290 TraceCheckUtils]: 11: Hoare triple {4075#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4075#true} is VALID [2022-02-20 17:59:13,626 INFO L272 TraceCheckUtils]: 12: Hoare triple {4075#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4075#true} is VALID [2022-02-20 17:59:13,626 INFO L290 TraceCheckUtils]: 13: Hoare triple {4075#true} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,626 INFO L290 TraceCheckUtils]: 14: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,626 INFO L290 TraceCheckUtils]: 15: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,626 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4075#true} {4075#true} #903#return; {4075#true} is VALID [2022-02-20 17:59:13,626 INFO L290 TraceCheckUtils]: 17: Hoare triple {4075#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4075#true} is VALID [2022-02-20 17:59:13,626 INFO L272 TraceCheckUtils]: 18: Hoare triple {4075#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4075#true} is VALID [2022-02-20 17:59:13,626 INFO L290 TraceCheckUtils]: 19: Hoare triple {4075#true} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,627 INFO L290 TraceCheckUtils]: 20: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,627 INFO L290 TraceCheckUtils]: 21: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,627 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4075#true} {4075#true} #905#return; {4075#true} is VALID [2022-02-20 17:59:13,627 INFO L290 TraceCheckUtils]: 23: Hoare triple {4075#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4075#true} is VALID [2022-02-20 17:59:13,627 INFO L272 TraceCheckUtils]: 24: Hoare triple {4075#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4075#true} is VALID [2022-02-20 17:59:13,627 INFO L290 TraceCheckUtils]: 25: Hoare triple {4075#true} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,627 INFO L290 TraceCheckUtils]: 26: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,627 INFO L290 TraceCheckUtils]: 27: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,627 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4075#true} {4075#true} #907#return; {4075#true} is VALID [2022-02-20 17:59:13,628 INFO L290 TraceCheckUtils]: 29: Hoare triple {4075#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4075#true} is VALID [2022-02-20 17:59:13,628 INFO L272 TraceCheckUtils]: 30: Hoare triple {4075#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4075#true} is VALID [2022-02-20 17:59:13,628 INFO L290 TraceCheckUtils]: 31: Hoare triple {4075#true} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,628 INFO L290 TraceCheckUtils]: 32: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,628 INFO L290 TraceCheckUtils]: 33: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,628 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4075#true} {4075#true} #909#return; {4075#true} is VALID [2022-02-20 17:59:13,628 INFO L290 TraceCheckUtils]: 35: Hoare triple {4075#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4075#true} is VALID [2022-02-20 17:59:13,628 INFO L272 TraceCheckUtils]: 36: Hoare triple {4075#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4075#true} is VALID [2022-02-20 17:59:13,628 INFO L290 TraceCheckUtils]: 37: Hoare triple {4075#true} ~handle := #in~handle;~value := #in~value; {4075#true} is VALID [2022-02-20 17:59:13,629 INFO L290 TraceCheckUtils]: 38: Hoare triple {4075#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4075#true} is VALID [2022-02-20 17:59:13,629 INFO L290 TraceCheckUtils]: 39: Hoare triple {4075#true} assume true; {4075#true} is VALID [2022-02-20 17:59:13,629 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4075#true} {4075#true} #911#return; {4075#true} is VALID [2022-02-20 17:59:13,629 INFO L290 TraceCheckUtils]: 41: Hoare triple {4075#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {4075#true} is VALID [2022-02-20 17:59:13,629 INFO L290 TraceCheckUtils]: 42: Hoare triple {4075#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4261#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:13,630 INFO L290 TraceCheckUtils]: 43: Hoare triple {4261#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {4261#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:13,630 INFO L290 TraceCheckUtils]: 44: Hoare triple {4261#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {4261#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:13,630 INFO L290 TraceCheckUtils]: 45: Hoare triple {4261#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4261#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:13,631 INFO L290 TraceCheckUtils]: 46: Hoare triple {4261#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4076#false} is VALID [2022-02-20 17:59:13,631 INFO L290 TraceCheckUtils]: 47: Hoare triple {4076#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {4076#false} is VALID [2022-02-20 17:59:13,631 INFO L290 TraceCheckUtils]: 48: Hoare triple {4076#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L290 TraceCheckUtils]: 49: Hoare triple {4076#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L290 TraceCheckUtils]: 50: Hoare triple {4076#false} assume { :end_inline_setClientAutoResponse } true; {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L290 TraceCheckUtils]: 51: Hoare triple {4076#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L290 TraceCheckUtils]: 52: Hoare triple {4076#false} assume !false; {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L290 TraceCheckUtils]: 53: Hoare triple {4076#false} assume !(test_~splverifierCounter~0#1 < 4); {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L290 TraceCheckUtils]: 54: Hoare triple {4076#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L272 TraceCheckUtils]: 55: Hoare triple {4076#false} call sendEmail(~bob~0, ~rjh~0); {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L290 TraceCheckUtils]: 56: Hoare triple {4076#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L272 TraceCheckUtils]: 57: Hoare triple {4076#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4076#false} is VALID [2022-02-20 17:59:13,632 INFO L290 TraceCheckUtils]: 58: Hoare triple {4076#false} ~handle := #in~handle;~value := #in~value; {4076#false} is VALID [2022-02-20 17:59:13,633 INFO L290 TraceCheckUtils]: 59: Hoare triple {4076#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4076#false} is VALID [2022-02-20 17:59:13,633 INFO L290 TraceCheckUtils]: 60: Hoare triple {4076#false} assume true; {4076#false} is VALID [2022-02-20 17:59:13,633 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {4076#false} {4076#false} #895#return; {4076#false} is VALID [2022-02-20 17:59:13,633 INFO L272 TraceCheckUtils]: 62: Hoare triple {4076#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4076#false} is VALID [2022-02-20 17:59:13,633 INFO L290 TraceCheckUtils]: 63: Hoare triple {4076#false} ~handle := #in~handle;~value := #in~value; {4076#false} is VALID [2022-02-20 17:59:13,633 INFO L290 TraceCheckUtils]: 64: Hoare triple {4076#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4076#false} is VALID [2022-02-20 17:59:13,633 INFO L290 TraceCheckUtils]: 65: Hoare triple {4076#false} assume true; {4076#false} is VALID [2022-02-20 17:59:13,633 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {4076#false} {4076#false} #897#return; {4076#false} is VALID [2022-02-20 17:59:13,633 INFO L290 TraceCheckUtils]: 67: Hoare triple {4076#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {4076#false} is VALID [2022-02-20 17:59:13,634 INFO L290 TraceCheckUtils]: 68: Hoare triple {4076#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {4076#false} is VALID [2022-02-20 17:59:13,634 INFO L272 TraceCheckUtils]: 69: Hoare triple {4076#false} call outgoing(~sender#1, ~email~0#1); {4076#false} is VALID [2022-02-20 17:59:13,634 INFO L290 TraceCheckUtils]: 70: Hoare triple {4076#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {4076#false} is VALID [2022-02-20 17:59:13,634 INFO L272 TraceCheckUtils]: 71: Hoare triple {4076#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {4076#false} is VALID [2022-02-20 17:59:13,634 INFO L290 TraceCheckUtils]: 72: Hoare triple {4076#false} ~handle := #in~handle;havoc ~retValue_acc~9; {4076#false} is VALID [2022-02-20 17:59:13,634 INFO L290 TraceCheckUtils]: 73: Hoare triple {4076#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4076#false} is VALID [2022-02-20 17:59:13,634 INFO L290 TraceCheckUtils]: 74: Hoare triple {4076#false} assume true; {4076#false} is VALID [2022-02-20 17:59:13,634 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {4076#false} {4076#false} #865#return; {4076#false} is VALID [2022-02-20 17:59:13,634 INFO L290 TraceCheckUtils]: 76: Hoare triple {4076#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {4076#false} is VALID [2022-02-20 17:59:13,635 INFO L290 TraceCheckUtils]: 77: Hoare triple {4076#false} assume 0 == sign_~privkey~0#1; {4076#false} is VALID [2022-02-20 17:59:13,635 INFO L290 TraceCheckUtils]: 78: Hoare triple {4076#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {4076#false} is VALID [2022-02-20 17:59:13,635 INFO L290 TraceCheckUtils]: 79: Hoare triple {4076#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {4076#false} is VALID [2022-02-20 17:59:13,635 INFO L290 TraceCheckUtils]: 80: Hoare triple {4076#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {4076#false} is VALID [2022-02-20 17:59:13,635 INFO L272 TraceCheckUtils]: 81: Hoare triple {4076#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {4076#false} is VALID [2022-02-20 17:59:13,635 INFO L290 TraceCheckUtils]: 82: Hoare triple {4076#false} ~handle := #in~handle;~value := #in~value; {4076#false} is VALID [2022-02-20 17:59:13,635 INFO L290 TraceCheckUtils]: 83: Hoare triple {4076#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4076#false} is VALID [2022-02-20 17:59:13,635 INFO L290 TraceCheckUtils]: 84: Hoare triple {4076#false} assume true; {4076#false} is VALID [2022-02-20 17:59:13,635 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {4076#false} {4076#false} #867#return; {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L290 TraceCheckUtils]: 86: Hoare triple {4076#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L272 TraceCheckUtils]: 87: Hoare triple {4076#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L290 TraceCheckUtils]: 88: Hoare triple {4076#false} ~handle := #in~handle;havoc ~retValue_acc~25; {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L290 TraceCheckUtils]: 89: Hoare triple {4076#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L290 TraceCheckUtils]: 90: Hoare triple {4076#false} assume true; {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {4076#false} {4076#false} #869#return; {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L290 TraceCheckUtils]: 92: Hoare triple {4076#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L290 TraceCheckUtils]: 93: Hoare triple {4076#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L272 TraceCheckUtils]: 94: Hoare triple {4076#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {4076#false} is VALID [2022-02-20 17:59:13,636 INFO L290 TraceCheckUtils]: 95: Hoare triple {4076#false} ~handle := #in~handle;havoc ~retValue_acc~9; {4076#false} is VALID [2022-02-20 17:59:13,637 INFO L290 TraceCheckUtils]: 96: Hoare triple {4076#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4076#false} is VALID [2022-02-20 17:59:13,637 INFO L290 TraceCheckUtils]: 97: Hoare triple {4076#false} assume true; {4076#false} is VALID [2022-02-20 17:59:13,637 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {4076#false} {4076#false} #871#return; {4076#false} is VALID [2022-02-20 17:59:13,637 INFO L290 TraceCheckUtils]: 99: Hoare triple {4076#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {4076#false} is VALID [2022-02-20 17:59:13,637 INFO L290 TraceCheckUtils]: 100: Hoare triple {4076#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {4076#false} is VALID [2022-02-20 17:59:13,637 INFO L290 TraceCheckUtils]: 101: Hoare triple {4076#false} assume !false; {4076#false} is VALID [2022-02-20 17:59:13,637 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:13,637 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:13,638 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1980408317] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:13,638 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:13,638 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:59:13,638 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [203997647] [2022-02-20 17:59:13,638 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:13,639 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 102 [2022-02-20 17:59:13,639 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:13,639 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:13,693 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:13,693 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:13,693 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:13,694 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:13,694 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:13,694 INFO L87 Difference]: Start difference. First operand 286 states and 428 transitions. Second operand has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:14,044 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:14,044 INFO L93 Difference]: Finished difference Result 602 states and 915 transitions. [2022-02-20 17:59:14,044 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:14,044 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 102 [2022-02-20 17:59:14,045 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:14,045 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:14,053 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 913 transitions. [2022-02-20 17:59:14,053 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:14,059 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 913 transitions. [2022-02-20 17:59:14,059 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 913 transitions. [2022-02-20 17:59:14,674 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 913 edges. 913 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:14,682 INFO L225 Difference]: With dead ends: 602 [2022-02-20 17:59:14,682 INFO L226 Difference]: Without dead ends: 343 [2022-02-20 17:59:14,696 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 129 GetRequests, 121 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:14,696 INFO L933 BasicCegarLoop]: 444 mSDtfsCounter, 107 mSDsluCounter, 380 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 122 SdHoareTripleChecker+Valid, 824 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:14,697 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [122 Valid, 824 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:14,697 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 343 states. [2022-02-20 17:59:14,704 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 343 to 335. [2022-02-20 17:59:14,704 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:14,705 INFO L82 GeneralOperation]: Start isEquivalent. First operand 343 states. Second operand has 335 states, 266 states have (on average 1.5451127819548873) internal successors, (411), 267 states have internal predecessors, (411), 51 states have call successors, (51), 17 states have call predecessors, (51), 17 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) [2022-02-20 17:59:14,706 INFO L74 IsIncluded]: Start isIncluded. First operand 343 states. Second operand has 335 states, 266 states have (on average 1.5451127819548873) internal successors, (411), 267 states have internal predecessors, (411), 51 states have call successors, (51), 17 states have call predecessors, (51), 17 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) [2022-02-20 17:59:14,706 INFO L87 Difference]: Start difference. First operand 343 states. Second operand has 335 states, 266 states have (on average 1.5451127819548873) internal successors, (411), 267 states have internal predecessors, (411), 51 states have call successors, (51), 17 states have call predecessors, (51), 17 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) [2022-02-20 17:59:14,727 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:14,727 INFO L93 Difference]: Finished difference Result 343 states and 521 transitions. [2022-02-20 17:59:14,727 INFO L276 IsEmpty]: Start isEmpty. Operand 343 states and 521 transitions. [2022-02-20 17:59:14,728 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:14,728 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:14,729 INFO L74 IsIncluded]: Start isIncluded. First operand has 335 states, 266 states have (on average 1.5451127819548873) internal successors, (411), 267 states have internal predecessors, (411), 51 states have call successors, (51), 17 states have call predecessors, (51), 17 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) Second operand 343 states. [2022-02-20 17:59:14,730 INFO L87 Difference]: Start difference. First operand has 335 states, 266 states have (on average 1.5451127819548873) internal successors, (411), 267 states have internal predecessors, (411), 51 states have call successors, (51), 17 states have call predecessors, (51), 17 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) Second operand 343 states. [2022-02-20 17:59:14,737 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:14,737 INFO L93 Difference]: Finished difference Result 343 states and 521 transitions. [2022-02-20 17:59:14,737 INFO L276 IsEmpty]: Start isEmpty. Operand 343 states and 521 transitions. [2022-02-20 17:59:14,738 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:14,738 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:14,738 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:14,738 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:14,739 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 335 states, 266 states have (on average 1.5451127819548873) internal successors, (411), 267 states have internal predecessors, (411), 51 states have call successors, (51), 17 states have call predecessors, (51), 17 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) [2022-02-20 17:59:14,748 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 335 states to 335 states and 512 transitions. [2022-02-20 17:59:14,748 INFO L78 Accepts]: Start accepts. Automaton has 335 states and 512 transitions. Word has length 102 [2022-02-20 17:59:14,749 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:14,749 INFO L470 AbstractCegarLoop]: Abstraction has 335 states and 512 transitions. [2022-02-20 17:59:14,749 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:59:14,749 INFO L276 IsEmpty]: Start isEmpty. Operand 335 states and 512 transitions. [2022-02-20 17:59:14,750 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 104 [2022-02-20 17:59:14,750 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:14,750 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:14,769 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:14,975 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:14,978 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:14,978 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:14,978 INFO L85 PathProgramCache]: Analyzing trace with hash 406530022, now seen corresponding path program 1 times [2022-02-20 17:59:14,978 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:14,980 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [408776030] [2022-02-20 17:59:14,980 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:14,980 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:15,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:15,051 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,053 INFO L290 TraceCheckUtils]: 0: Hoare triple {6497#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,053 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,053 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,053 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6446#true} #901#return; {6446#true} is VALID [2022-02-20 17:59:15,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:15,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,062 INFO L290 TraceCheckUtils]: 0: Hoare triple {6498#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,062 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,062 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,062 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6446#true} #903#return; {6446#true} is VALID [2022-02-20 17:59:15,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:15,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,074 INFO L290 TraceCheckUtils]: 0: Hoare triple {6497#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6499#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:15,075 INFO L290 TraceCheckUtils]: 1: Hoare triple {6499#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6500#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:15,075 INFO L290 TraceCheckUtils]: 2: Hoare triple {6500#(= |setClientId_#in~handle| 1)} assume true; {6500#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:15,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6500#(= |setClientId_#in~handle| 1)} {6456#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #905#return; {6447#false} is VALID [2022-02-20 17:59:15,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:15,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {6498#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,079 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,080 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6447#false} #907#return; {6447#false} is VALID [2022-02-20 17:59:15,080 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:15,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,083 INFO L290 TraceCheckUtils]: 0: Hoare triple {6497#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,083 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,083 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,083 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6447#false} #909#return; {6447#false} is VALID [2022-02-20 17:59:15,083 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:15,085 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,088 INFO L290 TraceCheckUtils]: 0: Hoare triple {6498#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,088 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,088 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,088 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6447#false} #911#return; {6447#false} is VALID [2022-02-20 17:59:15,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:15,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,097 INFO L290 TraceCheckUtils]: 0: Hoare triple {6501#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,097 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,097 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,097 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6447#false} #895#return; {6447#false} is VALID [2022-02-20 17:59:15,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:59:15,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {6502#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,108 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6447#false} #897#return; {6447#false} is VALID [2022-02-20 17:59:15,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:59:15,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {6446#true} ~handle := #in~handle;havoc ~retValue_acc~9; {6446#true} is VALID [2022-02-20 17:59:15,111 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {6446#true} is VALID [2022-02-20 17:59:15,111 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,111 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6447#false} #865#return; {6447#false} is VALID [2022-02-20 17:59:15,111 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:59:15,112 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {6501#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,115 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,115 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6447#false} #867#return; {6447#false} is VALID [2022-02-20 17:59:15,115 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:59:15,116 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,117 INFO L290 TraceCheckUtils]: 0: Hoare triple {6446#true} ~handle := #in~handle;havoc ~retValue_acc~25; {6446#true} is VALID [2022-02-20 17:59:15,118 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {6446#true} is VALID [2022-02-20 17:59:15,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,118 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6447#false} #869#return; {6447#false} is VALID [2022-02-20 17:59:15,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:59:15,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,121 INFO L290 TraceCheckUtils]: 0: Hoare triple {6446#true} ~handle := #in~handle;havoc ~retValue_acc~9; {6446#true} is VALID [2022-02-20 17:59:15,121 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {6446#true} is VALID [2022-02-20 17:59:15,121 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,121 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6446#true} {6447#false} #871#return; {6447#false} is VALID [2022-02-20 17:59:15,121 INFO L290 TraceCheckUtils]: 0: Hoare triple {6446#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {6446#true} is VALID [2022-02-20 17:59:15,121 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {6446#true} is VALID [2022-02-20 17:59:15,121 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6446#true} is VALID [2022-02-20 17:59:15,121 INFO L290 TraceCheckUtils]: 3: Hoare triple {6446#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {6446#true} is VALID [2022-02-20 17:59:15,122 INFO L290 TraceCheckUtils]: 4: Hoare triple {6446#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {6446#true} is VALID [2022-02-20 17:59:15,122 INFO L290 TraceCheckUtils]: 5: Hoare triple {6446#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6446#true} is VALID [2022-02-20 17:59:15,122 INFO L272 TraceCheckUtils]: 6: Hoare triple {6446#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6497#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:15,122 INFO L290 TraceCheckUtils]: 7: Hoare triple {6497#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,123 INFO L290 TraceCheckUtils]: 8: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,123 INFO L290 TraceCheckUtils]: 9: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,123 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6446#true} {6446#true} #901#return; {6446#true} is VALID [2022-02-20 17:59:15,123 INFO L290 TraceCheckUtils]: 11: Hoare triple {6446#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6446#true} is VALID [2022-02-20 17:59:15,123 INFO L272 TraceCheckUtils]: 12: Hoare triple {6446#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6498#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:15,124 INFO L290 TraceCheckUtils]: 13: Hoare triple {6498#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,124 INFO L290 TraceCheckUtils]: 14: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,124 INFO L290 TraceCheckUtils]: 15: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,124 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6446#true} {6446#true} #903#return; {6446#true} is VALID [2022-02-20 17:59:15,124 INFO L290 TraceCheckUtils]: 17: Hoare triple {6446#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6456#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:15,125 INFO L272 TraceCheckUtils]: 18: Hoare triple {6456#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6497#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:15,125 INFO L290 TraceCheckUtils]: 19: Hoare triple {6497#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6499#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:15,126 INFO L290 TraceCheckUtils]: 20: Hoare triple {6499#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6500#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:15,126 INFO L290 TraceCheckUtils]: 21: Hoare triple {6500#(= |setClientId_#in~handle| 1)} assume true; {6500#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:15,126 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6500#(= |setClientId_#in~handle| 1)} {6456#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #905#return; {6447#false} is VALID [2022-02-20 17:59:15,126 INFO L290 TraceCheckUtils]: 23: Hoare triple {6447#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {6447#false} is VALID [2022-02-20 17:59:15,126 INFO L272 TraceCheckUtils]: 24: Hoare triple {6447#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6498#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:15,127 INFO L290 TraceCheckUtils]: 25: Hoare triple {6498#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,127 INFO L290 TraceCheckUtils]: 26: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,127 INFO L290 TraceCheckUtils]: 27: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,127 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6446#true} {6447#false} #907#return; {6447#false} is VALID [2022-02-20 17:59:15,127 INFO L290 TraceCheckUtils]: 29: Hoare triple {6447#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6447#false} is VALID [2022-02-20 17:59:15,127 INFO L272 TraceCheckUtils]: 30: Hoare triple {6447#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6497#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:15,127 INFO L290 TraceCheckUtils]: 31: Hoare triple {6497#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,127 INFO L290 TraceCheckUtils]: 32: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,127 INFO L290 TraceCheckUtils]: 33: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,128 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6446#true} {6447#false} #909#return; {6447#false} is VALID [2022-02-20 17:59:15,128 INFO L290 TraceCheckUtils]: 35: Hoare triple {6447#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {6447#false} is VALID [2022-02-20 17:59:15,128 INFO L272 TraceCheckUtils]: 36: Hoare triple {6447#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6498#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:15,128 INFO L290 TraceCheckUtils]: 37: Hoare triple {6498#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,128 INFO L290 TraceCheckUtils]: 38: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,128 INFO L290 TraceCheckUtils]: 39: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,128 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6446#true} {6447#false} #911#return; {6447#false} is VALID [2022-02-20 17:59:15,128 INFO L290 TraceCheckUtils]: 41: Hoare triple {6447#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {6447#false} is VALID [2022-02-20 17:59:15,128 INFO L290 TraceCheckUtils]: 42: Hoare triple {6447#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6447#false} is VALID [2022-02-20 17:59:15,129 INFO L290 TraceCheckUtils]: 43: Hoare triple {6447#false} assume !false; {6447#false} is VALID [2022-02-20 17:59:15,129 INFO L290 TraceCheckUtils]: 44: Hoare triple {6447#false} assume test_~splverifierCounter~0#1 < 4; {6447#false} is VALID [2022-02-20 17:59:15,129 INFO L290 TraceCheckUtils]: 45: Hoare triple {6447#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6447#false} is VALID [2022-02-20 17:59:15,129 INFO L290 TraceCheckUtils]: 46: Hoare triple {6447#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {6447#false} is VALID [2022-02-20 17:59:15,129 INFO L290 TraceCheckUtils]: 47: Hoare triple {6447#false} assume !(0 != test_~tmp___9~0#1); {6447#false} is VALID [2022-02-20 17:59:15,129 INFO L290 TraceCheckUtils]: 48: Hoare triple {6447#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {6447#false} is VALID [2022-02-20 17:59:15,129 INFO L290 TraceCheckUtils]: 49: Hoare triple {6447#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {6447#false} is VALID [2022-02-20 17:59:15,129 INFO L290 TraceCheckUtils]: 50: Hoare triple {6447#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {6447#false} is VALID [2022-02-20 17:59:15,129 INFO L290 TraceCheckUtils]: 51: Hoare triple {6447#false} assume { :end_inline_setClientAutoResponse } true; {6447#false} is VALID [2022-02-20 17:59:15,130 INFO L290 TraceCheckUtils]: 52: Hoare triple {6447#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {6447#false} is VALID [2022-02-20 17:59:15,130 INFO L290 TraceCheckUtils]: 53: Hoare triple {6447#false} assume !false; {6447#false} is VALID [2022-02-20 17:59:15,130 INFO L290 TraceCheckUtils]: 54: Hoare triple {6447#false} assume !(test_~splverifierCounter~0#1 < 4); {6447#false} is VALID [2022-02-20 17:59:15,130 INFO L290 TraceCheckUtils]: 55: Hoare triple {6447#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {6447#false} is VALID [2022-02-20 17:59:15,130 INFO L272 TraceCheckUtils]: 56: Hoare triple {6447#false} call sendEmail(~bob~0, ~rjh~0); {6447#false} is VALID [2022-02-20 17:59:15,130 INFO L290 TraceCheckUtils]: 57: Hoare triple {6447#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6447#false} is VALID [2022-02-20 17:59:15,130 INFO L272 TraceCheckUtils]: 58: Hoare triple {6447#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6501#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:15,130 INFO L290 TraceCheckUtils]: 59: Hoare triple {6501#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,130 INFO L290 TraceCheckUtils]: 60: Hoare triple {6446#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,131 INFO L290 TraceCheckUtils]: 61: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,131 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {6446#true} {6447#false} #895#return; {6447#false} is VALID [2022-02-20 17:59:15,131 INFO L272 TraceCheckUtils]: 63: Hoare triple {6447#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6502#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:15,131 INFO L290 TraceCheckUtils]: 64: Hoare triple {6502#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,131 INFO L290 TraceCheckUtils]: 65: Hoare triple {6446#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,131 INFO L290 TraceCheckUtils]: 66: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,131 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {6446#true} {6447#false} #897#return; {6447#false} is VALID [2022-02-20 17:59:15,131 INFO L290 TraceCheckUtils]: 68: Hoare triple {6447#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {6447#false} is VALID [2022-02-20 17:59:15,131 INFO L290 TraceCheckUtils]: 69: Hoare triple {6447#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {6447#false} is VALID [2022-02-20 17:59:15,132 INFO L272 TraceCheckUtils]: 70: Hoare triple {6447#false} call outgoing(~sender#1, ~email~0#1); {6447#false} is VALID [2022-02-20 17:59:15,132 INFO L290 TraceCheckUtils]: 71: Hoare triple {6447#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {6447#false} is VALID [2022-02-20 17:59:15,132 INFO L272 TraceCheckUtils]: 72: Hoare triple {6447#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {6446#true} is VALID [2022-02-20 17:59:15,132 INFO L290 TraceCheckUtils]: 73: Hoare triple {6446#true} ~handle := #in~handle;havoc ~retValue_acc~9; {6446#true} is VALID [2022-02-20 17:59:15,132 INFO L290 TraceCheckUtils]: 74: Hoare triple {6446#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {6446#true} is VALID [2022-02-20 17:59:15,132 INFO L290 TraceCheckUtils]: 75: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,132 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {6446#true} {6447#false} #865#return; {6447#false} is VALID [2022-02-20 17:59:15,132 INFO L290 TraceCheckUtils]: 77: Hoare triple {6447#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {6447#false} is VALID [2022-02-20 17:59:15,132 INFO L290 TraceCheckUtils]: 78: Hoare triple {6447#false} assume 0 == sign_~privkey~0#1; {6447#false} is VALID [2022-02-20 17:59:15,133 INFO L290 TraceCheckUtils]: 79: Hoare triple {6447#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {6447#false} is VALID [2022-02-20 17:59:15,133 INFO L290 TraceCheckUtils]: 80: Hoare triple {6447#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {6447#false} is VALID [2022-02-20 17:59:15,133 INFO L290 TraceCheckUtils]: 81: Hoare triple {6447#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {6447#false} is VALID [2022-02-20 17:59:15,133 INFO L272 TraceCheckUtils]: 82: Hoare triple {6447#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {6501#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:15,133 INFO L290 TraceCheckUtils]: 83: Hoare triple {6501#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,133 INFO L290 TraceCheckUtils]: 84: Hoare triple {6446#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,133 INFO L290 TraceCheckUtils]: 85: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,133 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {6446#true} {6447#false} #867#return; {6447#false} is VALID [2022-02-20 17:59:15,133 INFO L290 TraceCheckUtils]: 87: Hoare triple {6447#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {6447#false} is VALID [2022-02-20 17:59:15,134 INFO L272 TraceCheckUtils]: 88: Hoare triple {6447#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {6446#true} is VALID [2022-02-20 17:59:15,134 INFO L290 TraceCheckUtils]: 89: Hoare triple {6446#true} ~handle := #in~handle;havoc ~retValue_acc~25; {6446#true} is VALID [2022-02-20 17:59:15,134 INFO L290 TraceCheckUtils]: 90: Hoare triple {6446#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {6446#true} is VALID [2022-02-20 17:59:15,134 INFO L290 TraceCheckUtils]: 91: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,134 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {6446#true} {6447#false} #869#return; {6447#false} is VALID [2022-02-20 17:59:15,134 INFO L290 TraceCheckUtils]: 93: Hoare triple {6447#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {6447#false} is VALID [2022-02-20 17:59:15,134 INFO L290 TraceCheckUtils]: 94: Hoare triple {6447#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {6447#false} is VALID [2022-02-20 17:59:15,134 INFO L272 TraceCheckUtils]: 95: Hoare triple {6447#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {6446#true} is VALID [2022-02-20 17:59:15,134 INFO L290 TraceCheckUtils]: 96: Hoare triple {6446#true} ~handle := #in~handle;havoc ~retValue_acc~9; {6446#true} is VALID [2022-02-20 17:59:15,134 INFO L290 TraceCheckUtils]: 97: Hoare triple {6446#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {6446#true} is VALID [2022-02-20 17:59:15,135 INFO L290 TraceCheckUtils]: 98: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,135 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {6446#true} {6447#false} #871#return; {6447#false} is VALID [2022-02-20 17:59:15,135 INFO L290 TraceCheckUtils]: 100: Hoare triple {6447#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {6447#false} is VALID [2022-02-20 17:59:15,135 INFO L290 TraceCheckUtils]: 101: Hoare triple {6447#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {6447#false} is VALID [2022-02-20 17:59:15,135 INFO L290 TraceCheckUtils]: 102: Hoare triple {6447#false} assume !false; {6447#false} is VALID [2022-02-20 17:59:15,135 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:15,135 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:15,136 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [408776030] [2022-02-20 17:59:15,136 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [408776030] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:15,136 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [26768915] [2022-02-20 17:59:15,136 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:15,136 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:15,136 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:15,137 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:15,138 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:59:15,328 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,332 INFO L263 TraceCheckSpWp]: Trace formula consists of 998 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:59:15,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:15,367 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:15,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {6446#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {6446#true} is VALID [2022-02-20 17:59:15,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {6446#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {6446#true} is VALID [2022-02-20 17:59:15,611 INFO L290 TraceCheckUtils]: 2: Hoare triple {6446#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6446#true} is VALID [2022-02-20 17:59:15,611 INFO L290 TraceCheckUtils]: 3: Hoare triple {6446#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {6446#true} is VALID [2022-02-20 17:59:15,611 INFO L290 TraceCheckUtils]: 4: Hoare triple {6446#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {6446#true} is VALID [2022-02-20 17:59:15,611 INFO L290 TraceCheckUtils]: 5: Hoare triple {6446#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6446#true} is VALID [2022-02-20 17:59:15,612 INFO L272 TraceCheckUtils]: 6: Hoare triple {6446#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6446#true} is VALID [2022-02-20 17:59:15,612 INFO L290 TraceCheckUtils]: 7: Hoare triple {6446#true} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,612 INFO L290 TraceCheckUtils]: 8: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,612 INFO L290 TraceCheckUtils]: 9: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,612 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6446#true} {6446#true} #901#return; {6446#true} is VALID [2022-02-20 17:59:15,612 INFO L290 TraceCheckUtils]: 11: Hoare triple {6446#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6446#true} is VALID [2022-02-20 17:59:15,612 INFO L272 TraceCheckUtils]: 12: Hoare triple {6446#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6446#true} is VALID [2022-02-20 17:59:15,612 INFO L290 TraceCheckUtils]: 13: Hoare triple {6446#true} ~handle := #in~handle;~value := #in~value; {6446#true} is VALID [2022-02-20 17:59:15,612 INFO L290 TraceCheckUtils]: 14: Hoare triple {6446#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6446#true} is VALID [2022-02-20 17:59:15,613 INFO L290 TraceCheckUtils]: 15: Hoare triple {6446#true} assume true; {6446#true} is VALID [2022-02-20 17:59:15,613 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6446#true} {6446#true} #903#return; {6446#true} is VALID [2022-02-20 17:59:15,613 INFO L290 TraceCheckUtils]: 17: Hoare triple {6446#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6557#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:59:15,613 INFO L272 TraceCheckUtils]: 18: Hoare triple {6557#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6446#true} is VALID [2022-02-20 17:59:15,614 INFO L290 TraceCheckUtils]: 19: Hoare triple {6446#true} ~handle := #in~handle;~value := #in~value; {6564#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:59:15,614 INFO L290 TraceCheckUtils]: 20: Hoare triple {6564#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6568#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:15,614 INFO L290 TraceCheckUtils]: 21: Hoare triple {6568#(<= |setClientId_#in~handle| 1)} assume true; {6568#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:15,615 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6568#(<= |setClientId_#in~handle| 1)} {6557#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #905#return; {6447#false} is VALID [2022-02-20 17:59:15,615 INFO L290 TraceCheckUtils]: 23: Hoare triple {6447#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {6447#false} is VALID [2022-02-20 17:59:15,615 INFO L272 TraceCheckUtils]: 24: Hoare triple {6447#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6447#false} is VALID [2022-02-20 17:59:15,615 INFO L290 TraceCheckUtils]: 25: Hoare triple {6447#false} ~handle := #in~handle;~value := #in~value; {6447#false} is VALID [2022-02-20 17:59:15,615 INFO L290 TraceCheckUtils]: 26: Hoare triple {6447#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6447#false} is VALID [2022-02-20 17:59:15,615 INFO L290 TraceCheckUtils]: 27: Hoare triple {6447#false} assume true; {6447#false} is VALID [2022-02-20 17:59:15,615 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6447#false} {6447#false} #907#return; {6447#false} is VALID [2022-02-20 17:59:15,616 INFO L290 TraceCheckUtils]: 29: Hoare triple {6447#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6447#false} is VALID [2022-02-20 17:59:15,616 INFO L272 TraceCheckUtils]: 30: Hoare triple {6447#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6447#false} is VALID [2022-02-20 17:59:15,616 INFO L290 TraceCheckUtils]: 31: Hoare triple {6447#false} ~handle := #in~handle;~value := #in~value; {6447#false} is VALID [2022-02-20 17:59:15,616 INFO L290 TraceCheckUtils]: 32: Hoare triple {6447#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6447#false} is VALID [2022-02-20 17:59:15,616 INFO L290 TraceCheckUtils]: 33: Hoare triple {6447#false} assume true; {6447#false} is VALID [2022-02-20 17:59:15,616 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6447#false} {6447#false} #909#return; {6447#false} is VALID [2022-02-20 17:59:15,616 INFO L290 TraceCheckUtils]: 35: Hoare triple {6447#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {6447#false} is VALID [2022-02-20 17:59:15,616 INFO L272 TraceCheckUtils]: 36: Hoare triple {6447#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6447#false} is VALID [2022-02-20 17:59:15,616 INFO L290 TraceCheckUtils]: 37: Hoare triple {6447#false} ~handle := #in~handle;~value := #in~value; {6447#false} is VALID [2022-02-20 17:59:15,617 INFO L290 TraceCheckUtils]: 38: Hoare triple {6447#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6447#false} is VALID [2022-02-20 17:59:15,617 INFO L290 TraceCheckUtils]: 39: Hoare triple {6447#false} assume true; {6447#false} is VALID [2022-02-20 17:59:15,617 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6447#false} {6447#false} #911#return; {6447#false} is VALID [2022-02-20 17:59:15,617 INFO L290 TraceCheckUtils]: 41: Hoare triple {6447#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {6447#false} is VALID [2022-02-20 17:59:15,617 INFO L290 TraceCheckUtils]: 42: Hoare triple {6447#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6447#false} is VALID [2022-02-20 17:59:15,617 INFO L290 TraceCheckUtils]: 43: Hoare triple {6447#false} assume !false; {6447#false} is VALID [2022-02-20 17:59:15,617 INFO L290 TraceCheckUtils]: 44: Hoare triple {6447#false} assume test_~splverifierCounter~0#1 < 4; {6447#false} is VALID [2022-02-20 17:59:15,617 INFO L290 TraceCheckUtils]: 45: Hoare triple {6447#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6447#false} is VALID [2022-02-20 17:59:15,617 INFO L290 TraceCheckUtils]: 46: Hoare triple {6447#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {6447#false} is VALID [2022-02-20 17:59:15,618 INFO L290 TraceCheckUtils]: 47: Hoare triple {6447#false} assume !(0 != test_~tmp___9~0#1); {6447#false} is VALID [2022-02-20 17:59:15,618 INFO L290 TraceCheckUtils]: 48: Hoare triple {6447#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {6447#false} is VALID [2022-02-20 17:59:15,618 INFO L290 TraceCheckUtils]: 49: Hoare triple {6447#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {6447#false} is VALID [2022-02-20 17:59:15,618 INFO L290 TraceCheckUtils]: 50: Hoare triple {6447#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {6447#false} is VALID [2022-02-20 17:59:15,618 INFO L290 TraceCheckUtils]: 51: Hoare triple {6447#false} assume { :end_inline_setClientAutoResponse } true; {6447#false} is VALID [2022-02-20 17:59:15,618 INFO L290 TraceCheckUtils]: 52: Hoare triple {6447#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {6447#false} is VALID [2022-02-20 17:59:15,618 INFO L290 TraceCheckUtils]: 53: Hoare triple {6447#false} assume !false; {6447#false} is VALID [2022-02-20 17:59:15,618 INFO L290 TraceCheckUtils]: 54: Hoare triple {6447#false} assume !(test_~splverifierCounter~0#1 < 4); {6447#false} is VALID [2022-02-20 17:59:15,618 INFO L290 TraceCheckUtils]: 55: Hoare triple {6447#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {6447#false} is VALID [2022-02-20 17:59:15,619 INFO L272 TraceCheckUtils]: 56: Hoare triple {6447#false} call sendEmail(~bob~0, ~rjh~0); {6447#false} is VALID [2022-02-20 17:59:15,619 INFO L290 TraceCheckUtils]: 57: Hoare triple {6447#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6447#false} is VALID [2022-02-20 17:59:15,619 INFO L272 TraceCheckUtils]: 58: Hoare triple {6447#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6447#false} is VALID [2022-02-20 17:59:15,619 INFO L290 TraceCheckUtils]: 59: Hoare triple {6447#false} ~handle := #in~handle;~value := #in~value; {6447#false} is VALID [2022-02-20 17:59:15,619 INFO L290 TraceCheckUtils]: 60: Hoare triple {6447#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6447#false} is VALID [2022-02-20 17:59:15,619 INFO L290 TraceCheckUtils]: 61: Hoare triple {6447#false} assume true; {6447#false} is VALID [2022-02-20 17:59:15,619 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {6447#false} {6447#false} #895#return; {6447#false} is VALID [2022-02-20 17:59:15,619 INFO L272 TraceCheckUtils]: 63: Hoare triple {6447#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6447#false} is VALID [2022-02-20 17:59:15,619 INFO L290 TraceCheckUtils]: 64: Hoare triple {6447#false} ~handle := #in~handle;~value := #in~value; {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L290 TraceCheckUtils]: 65: Hoare triple {6447#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L290 TraceCheckUtils]: 66: Hoare triple {6447#false} assume true; {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {6447#false} {6447#false} #897#return; {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L290 TraceCheckUtils]: 68: Hoare triple {6447#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L290 TraceCheckUtils]: 69: Hoare triple {6447#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L272 TraceCheckUtils]: 70: Hoare triple {6447#false} call outgoing(~sender#1, ~email~0#1); {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L290 TraceCheckUtils]: 71: Hoare triple {6447#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L272 TraceCheckUtils]: 72: Hoare triple {6447#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L290 TraceCheckUtils]: 73: Hoare triple {6447#false} ~handle := #in~handle;havoc ~retValue_acc~9; {6447#false} is VALID [2022-02-20 17:59:15,620 INFO L290 TraceCheckUtils]: 74: Hoare triple {6447#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {6447#false} is VALID [2022-02-20 17:59:15,621 INFO L290 TraceCheckUtils]: 75: Hoare triple {6447#false} assume true; {6447#false} is VALID [2022-02-20 17:59:15,621 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {6447#false} {6447#false} #865#return; {6447#false} is VALID [2022-02-20 17:59:15,621 INFO L290 TraceCheckUtils]: 77: Hoare triple {6447#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {6447#false} is VALID [2022-02-20 17:59:15,621 INFO L290 TraceCheckUtils]: 78: Hoare triple {6447#false} assume 0 == sign_~privkey~0#1; {6447#false} is VALID [2022-02-20 17:59:15,621 INFO L290 TraceCheckUtils]: 79: Hoare triple {6447#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {6447#false} is VALID [2022-02-20 17:59:15,621 INFO L290 TraceCheckUtils]: 80: Hoare triple {6447#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {6447#false} is VALID [2022-02-20 17:59:15,621 INFO L290 TraceCheckUtils]: 81: Hoare triple {6447#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {6447#false} is VALID [2022-02-20 17:59:15,621 INFO L272 TraceCheckUtils]: 82: Hoare triple {6447#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {6447#false} is VALID [2022-02-20 17:59:15,621 INFO L290 TraceCheckUtils]: 83: Hoare triple {6447#false} ~handle := #in~handle;~value := #in~value; {6447#false} is VALID [2022-02-20 17:59:15,622 INFO L290 TraceCheckUtils]: 84: Hoare triple {6447#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6447#false} is VALID [2022-02-20 17:59:15,622 INFO L290 TraceCheckUtils]: 85: Hoare triple {6447#false} assume true; {6447#false} is VALID [2022-02-20 17:59:15,622 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {6447#false} {6447#false} #867#return; {6447#false} is VALID [2022-02-20 17:59:15,622 INFO L290 TraceCheckUtils]: 87: Hoare triple {6447#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {6447#false} is VALID [2022-02-20 17:59:15,622 INFO L272 TraceCheckUtils]: 88: Hoare triple {6447#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {6447#false} is VALID [2022-02-20 17:59:15,622 INFO L290 TraceCheckUtils]: 89: Hoare triple {6447#false} ~handle := #in~handle;havoc ~retValue_acc~25; {6447#false} is VALID [2022-02-20 17:59:15,622 INFO L290 TraceCheckUtils]: 90: Hoare triple {6447#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {6447#false} is VALID [2022-02-20 17:59:15,622 INFO L290 TraceCheckUtils]: 91: Hoare triple {6447#false} assume true; {6447#false} is VALID [2022-02-20 17:59:15,622 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {6447#false} {6447#false} #869#return; {6447#false} is VALID [2022-02-20 17:59:15,623 INFO L290 TraceCheckUtils]: 93: Hoare triple {6447#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {6447#false} is VALID [2022-02-20 17:59:15,623 INFO L290 TraceCheckUtils]: 94: Hoare triple {6447#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {6447#false} is VALID [2022-02-20 17:59:15,623 INFO L272 TraceCheckUtils]: 95: Hoare triple {6447#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {6447#false} is VALID [2022-02-20 17:59:15,623 INFO L290 TraceCheckUtils]: 96: Hoare triple {6447#false} ~handle := #in~handle;havoc ~retValue_acc~9; {6447#false} is VALID [2022-02-20 17:59:15,623 INFO L290 TraceCheckUtils]: 97: Hoare triple {6447#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {6447#false} is VALID [2022-02-20 17:59:15,623 INFO L290 TraceCheckUtils]: 98: Hoare triple {6447#false} assume true; {6447#false} is VALID [2022-02-20 17:59:15,623 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {6447#false} {6447#false} #871#return; {6447#false} is VALID [2022-02-20 17:59:15,623 INFO L290 TraceCheckUtils]: 100: Hoare triple {6447#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {6447#false} is VALID [2022-02-20 17:59:15,623 INFO L290 TraceCheckUtils]: 101: Hoare triple {6447#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {6447#false} is VALID [2022-02-20 17:59:15,624 INFO L290 TraceCheckUtils]: 102: Hoare triple {6447#false} assume !false; {6447#false} is VALID [2022-02-20 17:59:15,624 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2022-02-20 17:59:15,624 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:15,624 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [26768915] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:15,624 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:15,624 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:59:15,624 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [847195082] [2022-02-20 17:59:15,625 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:15,625 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 103 [2022-02-20 17:59:15,625 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:15,626 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:15,678 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:15,679 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:59:15,679 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:15,679 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:59:15,679 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:15,680 INFO L87 Difference]: Start difference. First operand 335 states and 512 transitions. Second operand has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:16,335 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:16,335 INFO L93 Difference]: Finished difference Result 661 states and 1014 transitions. [2022-02-20 17:59:16,335 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:59:16,336 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 103 [2022-02-20 17:59:16,336 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:16,337 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:16,343 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 842 transitions. [2022-02-20 17:59:16,343 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:16,348 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 842 transitions. [2022-02-20 17:59:16,348 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 842 transitions. [2022-02-20 17:59:16,771 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 842 edges. 842 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:16,778 INFO L225 Difference]: With dead ends: 661 [2022-02-20 17:59:16,778 INFO L226 Difference]: Without dead ends: 337 [2022-02-20 17:59:16,779 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 120 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:16,780 INFO L933 BasicCegarLoop]: 417 mSDtfsCounter, 125 mSDsluCounter, 1107 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 145 SdHoareTripleChecker+Valid, 1524 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:16,780 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [145 Valid, 1524 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:16,781 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 337 states. [2022-02-20 17:59:16,841 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 337 to 337. [2022-02-20 17:59:16,841 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:16,842 INFO L82 GeneralOperation]: Start isEquivalent. First operand 337 states. Second operand has 337 states, 267 states have (on average 1.5430711610486891) internal successors, (412), 269 states have internal predecessors, (412), 51 states have call successors, (51), 17 states have call predecessors, (51), 18 states have return successors, (52), 50 states have call predecessors, (52), 50 states have call successors, (52) [2022-02-20 17:59:16,843 INFO L74 IsIncluded]: Start isIncluded. First operand 337 states. Second operand has 337 states, 267 states have (on average 1.5430711610486891) internal successors, (412), 269 states have internal predecessors, (412), 51 states have call successors, (51), 17 states have call predecessors, (51), 18 states have return successors, (52), 50 states have call predecessors, (52), 50 states have call successors, (52) [2022-02-20 17:59:16,843 INFO L87 Difference]: Start difference. First operand 337 states. Second operand has 337 states, 267 states have (on average 1.5430711610486891) internal successors, (412), 269 states have internal predecessors, (412), 51 states have call successors, (51), 17 states have call predecessors, (51), 18 states have return successors, (52), 50 states have call predecessors, (52), 50 states have call successors, (52) [2022-02-20 17:59:16,850 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:16,850 INFO L93 Difference]: Finished difference Result 337 states and 515 transitions. [2022-02-20 17:59:16,850 INFO L276 IsEmpty]: Start isEmpty. Operand 337 states and 515 transitions. [2022-02-20 17:59:16,851 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:16,851 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:16,852 INFO L74 IsIncluded]: Start isIncluded. First operand has 337 states, 267 states have (on average 1.5430711610486891) internal successors, (412), 269 states have internal predecessors, (412), 51 states have call successors, (51), 17 states have call predecessors, (51), 18 states have return successors, (52), 50 states have call predecessors, (52), 50 states have call successors, (52) Second operand 337 states. [2022-02-20 17:59:16,853 INFO L87 Difference]: Start difference. First operand has 337 states, 267 states have (on average 1.5430711610486891) internal successors, (412), 269 states have internal predecessors, (412), 51 states have call successors, (51), 17 states have call predecessors, (51), 18 states have return successors, (52), 50 states have call predecessors, (52), 50 states have call successors, (52) Second operand 337 states. [2022-02-20 17:59:16,859 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:16,859 INFO L93 Difference]: Finished difference Result 337 states and 515 transitions. [2022-02-20 17:59:16,859 INFO L276 IsEmpty]: Start isEmpty. Operand 337 states and 515 transitions. [2022-02-20 17:59:16,860 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:16,860 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:16,860 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:16,860 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:16,861 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 337 states, 267 states have (on average 1.5430711610486891) internal successors, (412), 269 states have internal predecessors, (412), 51 states have call successors, (51), 17 states have call predecessors, (51), 18 states have return successors, (52), 50 states have call predecessors, (52), 50 states have call successors, (52) [2022-02-20 17:59:16,869 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 337 states to 337 states and 515 transitions. [2022-02-20 17:59:16,869 INFO L78 Accepts]: Start accepts. Automaton has 337 states and 515 transitions. Word has length 103 [2022-02-20 17:59:16,869 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:16,869 INFO L470 AbstractCegarLoop]: Abstraction has 337 states and 515 transitions. [2022-02-20 17:59:16,869 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:16,869 INFO L276 IsEmpty]: Start isEmpty. Operand 337 states and 515 transitions. [2022-02-20 17:59:16,870 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 105 [2022-02-20 17:59:16,871 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:16,871 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:16,905 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:17,088 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:17,088 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:17,089 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:17,089 INFO L85 PathProgramCache]: Analyzing trace with hash 33479798, now seen corresponding path program 1 times [2022-02-20 17:59:17,089 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:17,089 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1461333473] [2022-02-20 17:59:17,089 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:17,089 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:17,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:17,139 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,141 INFO L290 TraceCheckUtils]: 0: Hoare triple {8959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,141 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,142 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,142 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8906#true} #901#return; {8906#true} is VALID [2022-02-20 17:59:17,147 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:17,148 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,150 INFO L290 TraceCheckUtils]: 0: Hoare triple {8960#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,150 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,150 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8906#true} #903#return; {8906#true} is VALID [2022-02-20 17:59:17,150 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:17,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,164 INFO L290 TraceCheckUtils]: 0: Hoare triple {8959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8961#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:17,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {8961#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {8961#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:17,165 INFO L290 TraceCheckUtils]: 2: Hoare triple {8961#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8962#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:17,165 INFO L290 TraceCheckUtils]: 3: Hoare triple {8962#(= 2 |setClientId_#in~handle|)} assume true; {8962#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:17,166 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8962#(= 2 |setClientId_#in~handle|)} {8916#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #905#return; {8922#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:17,166 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:17,167 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {8960#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8963#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:17,181 INFO L290 TraceCheckUtils]: 1: Hoare triple {8963#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8964#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:17,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {8964#(= |setClientPrivateKey_#in~handle| 1)} assume true; {8964#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:17,182 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8964#(= |setClientPrivateKey_#in~handle| 1)} {8922#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #907#return; {8907#false} is VALID [2022-02-20 17:59:17,182 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:59:17,184 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {8959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,185 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,186 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,186 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8907#false} #909#return; {8907#false} is VALID [2022-02-20 17:59:17,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:59:17,187 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {8960#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,188 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,188 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8907#false} #911#return; {8907#false} is VALID [2022-02-20 17:59:17,195 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:59:17,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,197 INFO L290 TraceCheckUtils]: 0: Hoare triple {8965#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,197 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,197 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,198 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8907#false} #895#return; {8907#false} is VALID [2022-02-20 17:59:17,205 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:59:17,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,207 INFO L290 TraceCheckUtils]: 0: Hoare triple {8966#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,207 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,207 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,207 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8907#false} #897#return; {8907#false} is VALID [2022-02-20 17:59:17,207 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:59:17,208 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,209 INFO L290 TraceCheckUtils]: 0: Hoare triple {8906#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8906#true} is VALID [2022-02-20 17:59:17,209 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8906#true} is VALID [2022-02-20 17:59:17,209 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,209 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8907#false} #865#return; {8907#false} is VALID [2022-02-20 17:59:17,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:59:17,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,233 INFO L290 TraceCheckUtils]: 0: Hoare triple {8965#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,234 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,234 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,234 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8907#false} #867#return; {8907#false} is VALID [2022-02-20 17:59:17,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:59:17,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {8906#true} ~handle := #in~handle;havoc ~retValue_acc~25; {8906#true} is VALID [2022-02-20 17:59:17,237 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {8906#true} is VALID [2022-02-20 17:59:17,237 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,237 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8907#false} #869#return; {8907#false} is VALID [2022-02-20 17:59:17,237 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:59:17,237 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,239 INFO L290 TraceCheckUtils]: 0: Hoare triple {8906#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8906#true} is VALID [2022-02-20 17:59:17,239 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8906#true} is VALID [2022-02-20 17:59:17,239 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,239 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8906#true} {8907#false} #871#return; {8907#false} is VALID [2022-02-20 17:59:17,239 INFO L290 TraceCheckUtils]: 0: Hoare triple {8906#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {8906#true} is VALID [2022-02-20 17:59:17,239 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {8906#true} is VALID [2022-02-20 17:59:17,239 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8906#true} is VALID [2022-02-20 17:59:17,239 INFO L290 TraceCheckUtils]: 3: Hoare triple {8906#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {8906#true} is VALID [2022-02-20 17:59:17,240 INFO L290 TraceCheckUtils]: 4: Hoare triple {8906#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {8906#true} is VALID [2022-02-20 17:59:17,240 INFO L290 TraceCheckUtils]: 5: Hoare triple {8906#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8906#true} is VALID [2022-02-20 17:59:17,240 INFO L272 TraceCheckUtils]: 6: Hoare triple {8906#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:17,240 INFO L290 TraceCheckUtils]: 7: Hoare triple {8959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,241 INFO L290 TraceCheckUtils]: 8: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,241 INFO L290 TraceCheckUtils]: 9: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,241 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8906#true} {8906#true} #901#return; {8906#true} is VALID [2022-02-20 17:59:17,241 INFO L290 TraceCheckUtils]: 11: Hoare triple {8906#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8906#true} is VALID [2022-02-20 17:59:17,241 INFO L272 TraceCheckUtils]: 12: Hoare triple {8906#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8960#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:17,242 INFO L290 TraceCheckUtils]: 13: Hoare triple {8960#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,242 INFO L290 TraceCheckUtils]: 14: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,242 INFO L290 TraceCheckUtils]: 15: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,242 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8906#true} {8906#true} #903#return; {8906#true} is VALID [2022-02-20 17:59:17,242 INFO L290 TraceCheckUtils]: 17: Hoare triple {8906#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8916#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:59:17,243 INFO L272 TraceCheckUtils]: 18: Hoare triple {8916#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:17,243 INFO L290 TraceCheckUtils]: 19: Hoare triple {8959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8961#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:17,243 INFO L290 TraceCheckUtils]: 20: Hoare triple {8961#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {8961#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:17,244 INFO L290 TraceCheckUtils]: 21: Hoare triple {8961#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8962#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:17,244 INFO L290 TraceCheckUtils]: 22: Hoare triple {8962#(= 2 |setClientId_#in~handle|)} assume true; {8962#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:17,245 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {8962#(= 2 |setClientId_#in~handle|)} {8916#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #905#return; {8922#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:17,245 INFO L290 TraceCheckUtils]: 24: Hoare triple {8922#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {8922#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:17,245 INFO L272 TraceCheckUtils]: 25: Hoare triple {8922#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8960#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:17,246 INFO L290 TraceCheckUtils]: 26: Hoare triple {8960#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8963#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:17,246 INFO L290 TraceCheckUtils]: 27: Hoare triple {8963#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8964#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:17,246 INFO L290 TraceCheckUtils]: 28: Hoare triple {8964#(= |setClientPrivateKey_#in~handle| 1)} assume true; {8964#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:17,247 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {8964#(= |setClientPrivateKey_#in~handle| 1)} {8922#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #907#return; {8907#false} is VALID [2022-02-20 17:59:17,247 INFO L290 TraceCheckUtils]: 30: Hoare triple {8907#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8907#false} is VALID [2022-02-20 17:59:17,247 INFO L272 TraceCheckUtils]: 31: Hoare triple {8907#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:17,247 INFO L290 TraceCheckUtils]: 32: Hoare triple {8959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,247 INFO L290 TraceCheckUtils]: 33: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,247 INFO L290 TraceCheckUtils]: 34: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,247 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {8906#true} {8907#false} #909#return; {8907#false} is VALID [2022-02-20 17:59:17,247 INFO L290 TraceCheckUtils]: 36: Hoare triple {8907#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8907#false} is VALID [2022-02-20 17:59:17,248 INFO L272 TraceCheckUtils]: 37: Hoare triple {8907#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8960#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:17,248 INFO L290 TraceCheckUtils]: 38: Hoare triple {8960#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,248 INFO L290 TraceCheckUtils]: 39: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,248 INFO L290 TraceCheckUtils]: 40: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,248 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8906#true} {8907#false} #911#return; {8907#false} is VALID [2022-02-20 17:59:17,248 INFO L290 TraceCheckUtils]: 42: Hoare triple {8907#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {8907#false} is VALID [2022-02-20 17:59:17,248 INFO L290 TraceCheckUtils]: 43: Hoare triple {8907#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8907#false} is VALID [2022-02-20 17:59:17,248 INFO L290 TraceCheckUtils]: 44: Hoare triple {8907#false} assume !false; {8907#false} is VALID [2022-02-20 17:59:17,248 INFO L290 TraceCheckUtils]: 45: Hoare triple {8907#false} assume test_~splverifierCounter~0#1 < 4; {8907#false} is VALID [2022-02-20 17:59:17,248 INFO L290 TraceCheckUtils]: 46: Hoare triple {8907#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8907#false} is VALID [2022-02-20 17:59:17,249 INFO L290 TraceCheckUtils]: 47: Hoare triple {8907#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {8907#false} is VALID [2022-02-20 17:59:17,249 INFO L290 TraceCheckUtils]: 48: Hoare triple {8907#false} assume !(0 != test_~tmp___9~0#1); {8907#false} is VALID [2022-02-20 17:59:17,249 INFO L290 TraceCheckUtils]: 49: Hoare triple {8907#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {8907#false} is VALID [2022-02-20 17:59:17,249 INFO L290 TraceCheckUtils]: 50: Hoare triple {8907#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8907#false} is VALID [2022-02-20 17:59:17,249 INFO L290 TraceCheckUtils]: 51: Hoare triple {8907#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8907#false} is VALID [2022-02-20 17:59:17,249 INFO L290 TraceCheckUtils]: 52: Hoare triple {8907#false} assume { :end_inline_setClientAutoResponse } true; {8907#false} is VALID [2022-02-20 17:59:17,249 INFO L290 TraceCheckUtils]: 53: Hoare triple {8907#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8907#false} is VALID [2022-02-20 17:59:17,249 INFO L290 TraceCheckUtils]: 54: Hoare triple {8907#false} assume !false; {8907#false} is VALID [2022-02-20 17:59:17,249 INFO L290 TraceCheckUtils]: 55: Hoare triple {8907#false} assume !(test_~splverifierCounter~0#1 < 4); {8907#false} is VALID [2022-02-20 17:59:17,250 INFO L290 TraceCheckUtils]: 56: Hoare triple {8907#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {8907#false} is VALID [2022-02-20 17:59:17,250 INFO L272 TraceCheckUtils]: 57: Hoare triple {8907#false} call sendEmail(~bob~0, ~rjh~0); {8907#false} is VALID [2022-02-20 17:59:17,250 INFO L290 TraceCheckUtils]: 58: Hoare triple {8907#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8907#false} is VALID [2022-02-20 17:59:17,250 INFO L272 TraceCheckUtils]: 59: Hoare triple {8907#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8965#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:17,250 INFO L290 TraceCheckUtils]: 60: Hoare triple {8965#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,250 INFO L290 TraceCheckUtils]: 61: Hoare triple {8906#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,250 INFO L290 TraceCheckUtils]: 62: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,250 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8906#true} {8907#false} #895#return; {8907#false} is VALID [2022-02-20 17:59:17,250 INFO L272 TraceCheckUtils]: 64: Hoare triple {8907#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8966#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:17,251 INFO L290 TraceCheckUtils]: 65: Hoare triple {8966#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,251 INFO L290 TraceCheckUtils]: 66: Hoare triple {8906#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,251 INFO L290 TraceCheckUtils]: 67: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,251 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {8906#true} {8907#false} #897#return; {8907#false} is VALID [2022-02-20 17:59:17,251 INFO L290 TraceCheckUtils]: 69: Hoare triple {8907#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {8907#false} is VALID [2022-02-20 17:59:17,251 INFO L290 TraceCheckUtils]: 70: Hoare triple {8907#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {8907#false} is VALID [2022-02-20 17:59:17,251 INFO L272 TraceCheckUtils]: 71: Hoare triple {8907#false} call outgoing(~sender#1, ~email~0#1); {8907#false} is VALID [2022-02-20 17:59:17,251 INFO L290 TraceCheckUtils]: 72: Hoare triple {8907#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {8907#false} is VALID [2022-02-20 17:59:17,251 INFO L272 TraceCheckUtils]: 73: Hoare triple {8907#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {8906#true} is VALID [2022-02-20 17:59:17,251 INFO L290 TraceCheckUtils]: 74: Hoare triple {8906#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8906#true} is VALID [2022-02-20 17:59:17,252 INFO L290 TraceCheckUtils]: 75: Hoare triple {8906#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8906#true} is VALID [2022-02-20 17:59:17,252 INFO L290 TraceCheckUtils]: 76: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,252 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {8906#true} {8907#false} #865#return; {8907#false} is VALID [2022-02-20 17:59:17,252 INFO L290 TraceCheckUtils]: 78: Hoare triple {8907#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {8907#false} is VALID [2022-02-20 17:59:17,252 INFO L290 TraceCheckUtils]: 79: Hoare triple {8907#false} assume 0 == sign_~privkey~0#1; {8907#false} is VALID [2022-02-20 17:59:17,252 INFO L290 TraceCheckUtils]: 80: Hoare triple {8907#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {8907#false} is VALID [2022-02-20 17:59:17,252 INFO L290 TraceCheckUtils]: 81: Hoare triple {8907#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {8907#false} is VALID [2022-02-20 17:59:17,252 INFO L290 TraceCheckUtils]: 82: Hoare triple {8907#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {8907#false} is VALID [2022-02-20 17:59:17,252 INFO L272 TraceCheckUtils]: 83: Hoare triple {8907#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {8965#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:17,253 INFO L290 TraceCheckUtils]: 84: Hoare triple {8965#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,253 INFO L290 TraceCheckUtils]: 85: Hoare triple {8906#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,253 INFO L290 TraceCheckUtils]: 86: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,253 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {8906#true} {8907#false} #867#return; {8907#false} is VALID [2022-02-20 17:59:17,253 INFO L290 TraceCheckUtils]: 88: Hoare triple {8907#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {8907#false} is VALID [2022-02-20 17:59:17,253 INFO L272 TraceCheckUtils]: 89: Hoare triple {8907#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {8906#true} is VALID [2022-02-20 17:59:17,253 INFO L290 TraceCheckUtils]: 90: Hoare triple {8906#true} ~handle := #in~handle;havoc ~retValue_acc~25; {8906#true} is VALID [2022-02-20 17:59:17,253 INFO L290 TraceCheckUtils]: 91: Hoare triple {8906#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {8906#true} is VALID [2022-02-20 17:59:17,253 INFO L290 TraceCheckUtils]: 92: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,253 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {8906#true} {8907#false} #869#return; {8907#false} is VALID [2022-02-20 17:59:17,254 INFO L290 TraceCheckUtils]: 94: Hoare triple {8907#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {8907#false} is VALID [2022-02-20 17:59:17,254 INFO L290 TraceCheckUtils]: 95: Hoare triple {8907#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {8907#false} is VALID [2022-02-20 17:59:17,254 INFO L272 TraceCheckUtils]: 96: Hoare triple {8907#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {8906#true} is VALID [2022-02-20 17:59:17,254 INFO L290 TraceCheckUtils]: 97: Hoare triple {8906#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8906#true} is VALID [2022-02-20 17:59:17,254 INFO L290 TraceCheckUtils]: 98: Hoare triple {8906#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8906#true} is VALID [2022-02-20 17:59:17,254 INFO L290 TraceCheckUtils]: 99: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,254 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {8906#true} {8907#false} #871#return; {8907#false} is VALID [2022-02-20 17:59:17,254 INFO L290 TraceCheckUtils]: 101: Hoare triple {8907#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {8907#false} is VALID [2022-02-20 17:59:17,254 INFO L290 TraceCheckUtils]: 102: Hoare triple {8907#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {8907#false} is VALID [2022-02-20 17:59:17,255 INFO L290 TraceCheckUtils]: 103: Hoare triple {8907#false} assume !false; {8907#false} is VALID [2022-02-20 17:59:17,255 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 17:59:17,255 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:17,255 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1461333473] [2022-02-20 17:59:17,255 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1461333473] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:17,255 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [85777801] [2022-02-20 17:59:17,255 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:17,256 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:17,256 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:17,257 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:17,258 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:59:17,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,443 INFO L263 TraceCheckSpWp]: Trace formula consists of 999 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:59:17,482 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:17,484 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:17,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {8906#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {8906#true} is VALID [2022-02-20 17:59:17,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {8906#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {8906#true} is VALID [2022-02-20 17:59:17,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {8906#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8906#true} is VALID [2022-02-20 17:59:17,739 INFO L290 TraceCheckUtils]: 3: Hoare triple {8906#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {8906#true} is VALID [2022-02-20 17:59:17,739 INFO L290 TraceCheckUtils]: 4: Hoare triple {8906#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {8906#true} is VALID [2022-02-20 17:59:17,739 INFO L290 TraceCheckUtils]: 5: Hoare triple {8906#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8906#true} is VALID [2022-02-20 17:59:17,739 INFO L272 TraceCheckUtils]: 6: Hoare triple {8906#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8906#true} is VALID [2022-02-20 17:59:17,739 INFO L290 TraceCheckUtils]: 7: Hoare triple {8906#true} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,739 INFO L290 TraceCheckUtils]: 8: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,739 INFO L290 TraceCheckUtils]: 9: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,739 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8906#true} {8906#true} #901#return; {8906#true} is VALID [2022-02-20 17:59:17,739 INFO L290 TraceCheckUtils]: 11: Hoare triple {8906#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8906#true} is VALID [2022-02-20 17:59:17,740 INFO L272 TraceCheckUtils]: 12: Hoare triple {8906#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8906#true} is VALID [2022-02-20 17:59:17,740 INFO L290 TraceCheckUtils]: 13: Hoare triple {8906#true} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,740 INFO L290 TraceCheckUtils]: 14: Hoare triple {8906#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,740 INFO L290 TraceCheckUtils]: 15: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,740 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8906#true} {8906#true} #903#return; {8906#true} is VALID [2022-02-20 17:59:17,740 INFO L290 TraceCheckUtils]: 17: Hoare triple {8906#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9021#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:17,741 INFO L272 TraceCheckUtils]: 18: Hoare triple {9021#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8906#true} is VALID [2022-02-20 17:59:17,741 INFO L290 TraceCheckUtils]: 19: Hoare triple {8906#true} ~handle := #in~handle;~value := #in~value; {8906#true} is VALID [2022-02-20 17:59:17,741 INFO L290 TraceCheckUtils]: 20: Hoare triple {8906#true} assume !(1 == ~handle); {8906#true} is VALID [2022-02-20 17:59:17,741 INFO L290 TraceCheckUtils]: 21: Hoare triple {8906#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8906#true} is VALID [2022-02-20 17:59:17,741 INFO L290 TraceCheckUtils]: 22: Hoare triple {8906#true} assume true; {8906#true} is VALID [2022-02-20 17:59:17,742 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {8906#true} {9021#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #905#return; {9021#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:17,742 INFO L290 TraceCheckUtils]: 24: Hoare triple {9021#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {9021#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:17,742 INFO L272 TraceCheckUtils]: 25: Hoare triple {9021#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8906#true} is VALID [2022-02-20 17:59:17,742 INFO L290 TraceCheckUtils]: 26: Hoare triple {8906#true} ~handle := #in~handle;~value := #in~value; {9049#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:59:17,743 INFO L290 TraceCheckUtils]: 27: Hoare triple {9049#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9053#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:17,743 INFO L290 TraceCheckUtils]: 28: Hoare triple {9053#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {9053#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:17,744 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {9053#(<= |setClientPrivateKey_#in~handle| 1)} {9021#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #907#return; {8907#false} is VALID [2022-02-20 17:59:17,744 INFO L290 TraceCheckUtils]: 30: Hoare triple {8907#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8907#false} is VALID [2022-02-20 17:59:17,744 INFO L272 TraceCheckUtils]: 31: Hoare triple {8907#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8907#false} is VALID [2022-02-20 17:59:17,744 INFO L290 TraceCheckUtils]: 32: Hoare triple {8907#false} ~handle := #in~handle;~value := #in~value; {8907#false} is VALID [2022-02-20 17:59:17,744 INFO L290 TraceCheckUtils]: 33: Hoare triple {8907#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8907#false} is VALID [2022-02-20 17:59:17,744 INFO L290 TraceCheckUtils]: 34: Hoare triple {8907#false} assume true; {8907#false} is VALID [2022-02-20 17:59:17,744 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {8907#false} {8907#false} #909#return; {8907#false} is VALID [2022-02-20 17:59:17,744 INFO L290 TraceCheckUtils]: 36: Hoare triple {8907#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8907#false} is VALID [2022-02-20 17:59:17,744 INFO L272 TraceCheckUtils]: 37: Hoare triple {8907#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8907#false} is VALID [2022-02-20 17:59:17,745 INFO L290 TraceCheckUtils]: 38: Hoare triple {8907#false} ~handle := #in~handle;~value := #in~value; {8907#false} is VALID [2022-02-20 17:59:17,745 INFO L290 TraceCheckUtils]: 39: Hoare triple {8907#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8907#false} is VALID [2022-02-20 17:59:17,745 INFO L290 TraceCheckUtils]: 40: Hoare triple {8907#false} assume true; {8907#false} is VALID [2022-02-20 17:59:17,745 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8907#false} {8907#false} #911#return; {8907#false} is VALID [2022-02-20 17:59:17,745 INFO L290 TraceCheckUtils]: 42: Hoare triple {8907#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {8907#false} is VALID [2022-02-20 17:59:17,745 INFO L290 TraceCheckUtils]: 43: Hoare triple {8907#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8907#false} is VALID [2022-02-20 17:59:17,745 INFO L290 TraceCheckUtils]: 44: Hoare triple {8907#false} assume !false; {8907#false} is VALID [2022-02-20 17:59:17,745 INFO L290 TraceCheckUtils]: 45: Hoare triple {8907#false} assume test_~splverifierCounter~0#1 < 4; {8907#false} is VALID [2022-02-20 17:59:17,745 INFO L290 TraceCheckUtils]: 46: Hoare triple {8907#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 47: Hoare triple {8907#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 48: Hoare triple {8907#false} assume !(0 != test_~tmp___9~0#1); {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 49: Hoare triple {8907#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 50: Hoare triple {8907#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 51: Hoare triple {8907#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 52: Hoare triple {8907#false} assume { :end_inline_setClientAutoResponse } true; {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 53: Hoare triple {8907#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 54: Hoare triple {8907#false} assume !false; {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 55: Hoare triple {8907#false} assume !(test_~splverifierCounter~0#1 < 4); {8907#false} is VALID [2022-02-20 17:59:17,746 INFO L290 TraceCheckUtils]: 56: Hoare triple {8907#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {8907#false} is VALID [2022-02-20 17:59:17,747 INFO L272 TraceCheckUtils]: 57: Hoare triple {8907#false} call sendEmail(~bob~0, ~rjh~0); {8907#false} is VALID [2022-02-20 17:59:17,747 INFO L290 TraceCheckUtils]: 58: Hoare triple {8907#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8907#false} is VALID [2022-02-20 17:59:17,747 INFO L272 TraceCheckUtils]: 59: Hoare triple {8907#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8907#false} is VALID [2022-02-20 17:59:17,747 INFO L290 TraceCheckUtils]: 60: Hoare triple {8907#false} ~handle := #in~handle;~value := #in~value; {8907#false} is VALID [2022-02-20 17:59:17,747 INFO L290 TraceCheckUtils]: 61: Hoare triple {8907#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8907#false} is VALID [2022-02-20 17:59:17,747 INFO L290 TraceCheckUtils]: 62: Hoare triple {8907#false} assume true; {8907#false} is VALID [2022-02-20 17:59:17,747 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8907#false} {8907#false} #895#return; {8907#false} is VALID [2022-02-20 17:59:17,747 INFO L272 TraceCheckUtils]: 64: Hoare triple {8907#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8907#false} is VALID [2022-02-20 17:59:17,747 INFO L290 TraceCheckUtils]: 65: Hoare triple {8907#false} ~handle := #in~handle;~value := #in~value; {8907#false} is VALID [2022-02-20 17:59:17,748 INFO L290 TraceCheckUtils]: 66: Hoare triple {8907#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8907#false} is VALID [2022-02-20 17:59:17,748 INFO L290 TraceCheckUtils]: 67: Hoare triple {8907#false} assume true; {8907#false} is VALID [2022-02-20 17:59:17,748 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {8907#false} {8907#false} #897#return; {8907#false} is VALID [2022-02-20 17:59:17,748 INFO L290 TraceCheckUtils]: 69: Hoare triple {8907#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {8907#false} is VALID [2022-02-20 17:59:17,748 INFO L290 TraceCheckUtils]: 70: Hoare triple {8907#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {8907#false} is VALID [2022-02-20 17:59:17,748 INFO L272 TraceCheckUtils]: 71: Hoare triple {8907#false} call outgoing(~sender#1, ~email~0#1); {8907#false} is VALID [2022-02-20 17:59:17,748 INFO L290 TraceCheckUtils]: 72: Hoare triple {8907#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {8907#false} is VALID [2022-02-20 17:59:17,748 INFO L272 TraceCheckUtils]: 73: Hoare triple {8907#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {8907#false} is VALID [2022-02-20 17:59:17,748 INFO L290 TraceCheckUtils]: 74: Hoare triple {8907#false} ~handle := #in~handle;havoc ~retValue_acc~9; {8907#false} is VALID [2022-02-20 17:59:17,749 INFO L290 TraceCheckUtils]: 75: Hoare triple {8907#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8907#false} is VALID [2022-02-20 17:59:17,749 INFO L290 TraceCheckUtils]: 76: Hoare triple {8907#false} assume true; {8907#false} is VALID [2022-02-20 17:59:17,749 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {8907#false} {8907#false} #865#return; {8907#false} is VALID [2022-02-20 17:59:17,749 INFO L290 TraceCheckUtils]: 78: Hoare triple {8907#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {8907#false} is VALID [2022-02-20 17:59:17,749 INFO L290 TraceCheckUtils]: 79: Hoare triple {8907#false} assume 0 == sign_~privkey~0#1; {8907#false} is VALID [2022-02-20 17:59:17,749 INFO L290 TraceCheckUtils]: 80: Hoare triple {8907#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {8907#false} is VALID [2022-02-20 17:59:17,749 INFO L290 TraceCheckUtils]: 81: Hoare triple {8907#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {8907#false} is VALID [2022-02-20 17:59:17,749 INFO L290 TraceCheckUtils]: 82: Hoare triple {8907#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {8907#false} is VALID [2022-02-20 17:59:17,749 INFO L272 TraceCheckUtils]: 83: Hoare triple {8907#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L290 TraceCheckUtils]: 84: Hoare triple {8907#false} ~handle := #in~handle;~value := #in~value; {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L290 TraceCheckUtils]: 85: Hoare triple {8907#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L290 TraceCheckUtils]: 86: Hoare triple {8907#false} assume true; {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {8907#false} {8907#false} #867#return; {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L290 TraceCheckUtils]: 88: Hoare triple {8907#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L272 TraceCheckUtils]: 89: Hoare triple {8907#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L290 TraceCheckUtils]: 90: Hoare triple {8907#false} ~handle := #in~handle;havoc ~retValue_acc~25; {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L290 TraceCheckUtils]: 91: Hoare triple {8907#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L290 TraceCheckUtils]: 92: Hoare triple {8907#false} assume true; {8907#false} is VALID [2022-02-20 17:59:17,750 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {8907#false} {8907#false} #869#return; {8907#false} is VALID [2022-02-20 17:59:17,751 INFO L290 TraceCheckUtils]: 94: Hoare triple {8907#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {8907#false} is VALID [2022-02-20 17:59:17,751 INFO L290 TraceCheckUtils]: 95: Hoare triple {8907#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {8907#false} is VALID [2022-02-20 17:59:17,751 INFO L272 TraceCheckUtils]: 96: Hoare triple {8907#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {8907#false} is VALID [2022-02-20 17:59:17,751 INFO L290 TraceCheckUtils]: 97: Hoare triple {8907#false} ~handle := #in~handle;havoc ~retValue_acc~9; {8907#false} is VALID [2022-02-20 17:59:17,751 INFO L290 TraceCheckUtils]: 98: Hoare triple {8907#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8907#false} is VALID [2022-02-20 17:59:17,751 INFO L290 TraceCheckUtils]: 99: Hoare triple {8907#false} assume true; {8907#false} is VALID [2022-02-20 17:59:17,751 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {8907#false} {8907#false} #871#return; {8907#false} is VALID [2022-02-20 17:59:17,751 INFO L290 TraceCheckUtils]: 101: Hoare triple {8907#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {8907#false} is VALID [2022-02-20 17:59:17,751 INFO L290 TraceCheckUtils]: 102: Hoare triple {8907#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {8907#false} is VALID [2022-02-20 17:59:17,752 INFO L290 TraceCheckUtils]: 103: Hoare triple {8907#false} assume !false; {8907#false} is VALID [2022-02-20 17:59:17,752 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2022-02-20 17:59:17,752 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:17,752 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [85777801] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:17,752 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:17,752 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:59:17,753 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1119887436] [2022-02-20 17:59:17,753 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:17,753 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 104 [2022-02-20 17:59:17,753 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:17,754 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:17,817 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:17,818 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:59:17,818 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:17,818 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:59:17,818 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:59:17,818 INFO L87 Difference]: Start difference. First operand 337 states and 515 transitions. Second operand has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:18,536 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:18,536 INFO L93 Difference]: Finished difference Result 663 states and 1019 transitions. [2022-02-20 17:59:18,536 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:59:18,537 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 104 [2022-02-20 17:59:18,537 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:18,537 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:18,552 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 841 transitions. [2022-02-20 17:59:18,552 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:18,557 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 841 transitions. [2022-02-20 17:59:18,557 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 841 transitions. [2022-02-20 17:59:19,041 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 841 edges. 841 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:19,048 INFO L225 Difference]: With dead ends: 663 [2022-02-20 17:59:19,048 INFO L226 Difference]: Without dead ends: 339 [2022-02-20 17:59:19,049 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 134 GetRequests, 120 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:59:19,050 INFO L933 BasicCegarLoop]: 415 mSDtfsCounter, 124 mSDsluCounter, 1098 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1513 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:19,050 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1513 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:19,050 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 339 states. [2022-02-20 17:59:19,132 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 339 to 339. [2022-02-20 17:59:19,132 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:19,133 INFO L82 GeneralOperation]: Start isEquivalent. First operand 339 states. Second operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) [2022-02-20 17:59:19,133 INFO L74 IsIncluded]: Start isIncluded. First operand 339 states. Second operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) [2022-02-20 17:59:19,134 INFO L87 Difference]: Start difference. First operand 339 states. Second operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) [2022-02-20 17:59:19,141 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:19,148 INFO L93 Difference]: Finished difference Result 339 states and 521 transitions. [2022-02-20 17:59:19,148 INFO L276 IsEmpty]: Start isEmpty. Operand 339 states and 521 transitions. [2022-02-20 17:59:19,149 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:19,149 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:19,150 INFO L74 IsIncluded]: Start isIncluded. First operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) Second operand 339 states. [2022-02-20 17:59:19,151 INFO L87 Difference]: Start difference. First operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) Second operand 339 states. [2022-02-20 17:59:19,160 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:19,160 INFO L93 Difference]: Finished difference Result 339 states and 521 transitions. [2022-02-20 17:59:19,160 INFO L276 IsEmpty]: Start isEmpty. Operand 339 states and 521 transitions. [2022-02-20 17:59:19,161 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:19,161 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:19,161 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:19,161 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:19,162 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) [2022-02-20 17:59:19,186 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 339 states to 339 states and 521 transitions. [2022-02-20 17:59:19,187 INFO L78 Accepts]: Start accepts. Automaton has 339 states and 521 transitions. Word has length 104 [2022-02-20 17:59:19,187 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:19,187 INFO L470 AbstractCegarLoop]: Abstraction has 339 states and 521 transitions. [2022-02-20 17:59:19,187 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:19,187 INFO L276 IsEmpty]: Start isEmpty. Operand 339 states and 521 transitions. [2022-02-20 17:59:19,188 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 106 [2022-02-20 17:59:19,188 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:19,188 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:19,208 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Ended with exit code 0 [2022-02-20 17:59:19,405 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:19,405 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:19,406 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:19,406 INFO L85 PathProgramCache]: Analyzing trace with hash -851300096, now seen corresponding path program 1 times [2022-02-20 17:59:19,406 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:19,406 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [313122273] [2022-02-20 17:59:19,406 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:19,406 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:19,429 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,459 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:19,460 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {11432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,461 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,462 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,462 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11379#true} {11379#true} #901#return; {11379#true} is VALID [2022-02-20 17:59:19,466 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:19,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,468 INFO L290 TraceCheckUtils]: 0: Hoare triple {11433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,468 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,469 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,469 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11379#true} {11379#true} #903#return; {11379#true} is VALID [2022-02-20 17:59:19,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:19,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,471 INFO L290 TraceCheckUtils]: 0: Hoare triple {11432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,472 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume !(1 == ~handle); {11379#true} is VALID [2022-02-20 17:59:19,472 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,472 INFO L290 TraceCheckUtils]: 3: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,472 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11379#true} {11379#true} #905#return; {11379#true} is VALID [2022-02-20 17:59:19,472 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:19,474 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,476 INFO L290 TraceCheckUtils]: 0: Hoare triple {11433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,476 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume !(1 == ~handle); {11379#true} is VALID [2022-02-20 17:59:19,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,476 INFO L290 TraceCheckUtils]: 3: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,476 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11379#true} {11379#true} #907#return; {11379#true} is VALID [2022-02-20 17:59:19,476 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:19,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {11432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11434#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:19,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {11434#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11435#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:19,491 INFO L290 TraceCheckUtils]: 2: Hoare triple {11435#(= |setClientId_#in~handle| 1)} assume true; {11435#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:19,491 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11435#(= |setClientId_#in~handle| 1)} {11399#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #909#return; {11380#false} is VALID [2022-02-20 17:59:19,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:19,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,498 INFO L290 TraceCheckUtils]: 0: Hoare triple {11433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,498 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,498 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,498 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11379#true} {11380#false} #911#return; {11380#false} is VALID [2022-02-20 17:59:19,503 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:59:19,505 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,507 INFO L290 TraceCheckUtils]: 0: Hoare triple {11436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,507 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,507 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,507 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11379#true} {11380#false} #895#return; {11380#false} is VALID [2022-02-20 17:59:19,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:59:19,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {11437#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,519 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11379#true} {11380#false} #897#return; {11380#false} is VALID [2022-02-20 17:59:19,519 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:59:19,519 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,521 INFO L290 TraceCheckUtils]: 0: Hoare triple {11379#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11379#true} is VALID [2022-02-20 17:59:19,521 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11379#true} is VALID [2022-02-20 17:59:19,521 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,521 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11379#true} {11380#false} #865#return; {11380#false} is VALID [2022-02-20 17:59:19,522 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:59:19,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,525 INFO L290 TraceCheckUtils]: 0: Hoare triple {11436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,525 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,525 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,525 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11379#true} {11380#false} #867#return; {11380#false} is VALID [2022-02-20 17:59:19,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:59:19,526 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,527 INFO L290 TraceCheckUtils]: 0: Hoare triple {11379#true} ~handle := #in~handle;havoc ~retValue_acc~25; {11379#true} is VALID [2022-02-20 17:59:19,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {11379#true} is VALID [2022-02-20 17:59:19,527 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,528 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11379#true} {11380#false} #869#return; {11380#false} is VALID [2022-02-20 17:59:19,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:59:19,530 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:19,532 INFO L290 TraceCheckUtils]: 0: Hoare triple {11379#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11379#true} is VALID [2022-02-20 17:59:19,532 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11379#true} is VALID [2022-02-20 17:59:19,532 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,532 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11379#true} {11380#false} #871#return; {11380#false} is VALID [2022-02-20 17:59:19,533 INFO L290 TraceCheckUtils]: 0: Hoare triple {11379#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {11379#true} is VALID [2022-02-20 17:59:19,533 INFO L290 TraceCheckUtils]: 1: Hoare triple {11379#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {11379#true} is VALID [2022-02-20 17:59:19,533 INFO L290 TraceCheckUtils]: 2: Hoare triple {11379#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11379#true} is VALID [2022-02-20 17:59:19,533 INFO L290 TraceCheckUtils]: 3: Hoare triple {11379#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {11379#true} is VALID [2022-02-20 17:59:19,533 INFO L290 TraceCheckUtils]: 4: Hoare triple {11379#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {11379#true} is VALID [2022-02-20 17:59:19,533 INFO L290 TraceCheckUtils]: 5: Hoare triple {11379#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11379#true} is VALID [2022-02-20 17:59:19,534 INFO L272 TraceCheckUtils]: 6: Hoare triple {11379#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:19,534 INFO L290 TraceCheckUtils]: 7: Hoare triple {11432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,534 INFO L290 TraceCheckUtils]: 8: Hoare triple {11379#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,534 INFO L290 TraceCheckUtils]: 9: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,534 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11379#true} {11379#true} #901#return; {11379#true} is VALID [2022-02-20 17:59:19,534 INFO L290 TraceCheckUtils]: 11: Hoare triple {11379#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11379#true} is VALID [2022-02-20 17:59:19,535 INFO L272 TraceCheckUtils]: 12: Hoare triple {11379#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:19,535 INFO L290 TraceCheckUtils]: 13: Hoare triple {11433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,535 INFO L290 TraceCheckUtils]: 14: Hoare triple {11379#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,535 INFO L290 TraceCheckUtils]: 15: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,535 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11379#true} {11379#true} #903#return; {11379#true} is VALID [2022-02-20 17:59:19,535 INFO L290 TraceCheckUtils]: 17: Hoare triple {11379#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11379#true} is VALID [2022-02-20 17:59:19,536 INFO L272 TraceCheckUtils]: 18: Hoare triple {11379#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:19,536 INFO L290 TraceCheckUtils]: 19: Hoare triple {11432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,536 INFO L290 TraceCheckUtils]: 20: Hoare triple {11379#true} assume !(1 == ~handle); {11379#true} is VALID [2022-02-20 17:59:19,536 INFO L290 TraceCheckUtils]: 21: Hoare triple {11379#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,536 INFO L290 TraceCheckUtils]: 22: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,536 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11379#true} {11379#true} #905#return; {11379#true} is VALID [2022-02-20 17:59:19,536 INFO L290 TraceCheckUtils]: 24: Hoare triple {11379#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {11379#true} is VALID [2022-02-20 17:59:19,537 INFO L272 TraceCheckUtils]: 25: Hoare triple {11379#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:19,537 INFO L290 TraceCheckUtils]: 26: Hoare triple {11433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,537 INFO L290 TraceCheckUtils]: 27: Hoare triple {11379#true} assume !(1 == ~handle); {11379#true} is VALID [2022-02-20 17:59:19,537 INFO L290 TraceCheckUtils]: 28: Hoare triple {11379#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,537 INFO L290 TraceCheckUtils]: 29: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,537 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {11379#true} {11379#true} #907#return; {11379#true} is VALID [2022-02-20 17:59:19,538 INFO L290 TraceCheckUtils]: 31: Hoare triple {11379#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11399#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:19,538 INFO L272 TraceCheckUtils]: 32: Hoare triple {11399#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:19,539 INFO L290 TraceCheckUtils]: 33: Hoare triple {11432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11434#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:19,539 INFO L290 TraceCheckUtils]: 34: Hoare triple {11434#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11435#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:19,539 INFO L290 TraceCheckUtils]: 35: Hoare triple {11435#(= |setClientId_#in~handle| 1)} assume true; {11435#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:19,540 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {11435#(= |setClientId_#in~handle| 1)} {11399#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #909#return; {11380#false} is VALID [2022-02-20 17:59:19,540 INFO L290 TraceCheckUtils]: 37: Hoare triple {11380#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11380#false} is VALID [2022-02-20 17:59:19,540 INFO L272 TraceCheckUtils]: 38: Hoare triple {11380#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:19,540 INFO L290 TraceCheckUtils]: 39: Hoare triple {11433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,540 INFO L290 TraceCheckUtils]: 40: Hoare triple {11379#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,540 INFO L290 TraceCheckUtils]: 41: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,540 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {11379#true} {11380#false} #911#return; {11380#false} is VALID [2022-02-20 17:59:19,540 INFO L290 TraceCheckUtils]: 43: Hoare triple {11380#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {11380#false} is VALID [2022-02-20 17:59:19,540 INFO L290 TraceCheckUtils]: 44: Hoare triple {11380#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11380#false} is VALID [2022-02-20 17:59:19,541 INFO L290 TraceCheckUtils]: 45: Hoare triple {11380#false} assume !false; {11380#false} is VALID [2022-02-20 17:59:19,541 INFO L290 TraceCheckUtils]: 46: Hoare triple {11380#false} assume test_~splverifierCounter~0#1 < 4; {11380#false} is VALID [2022-02-20 17:59:19,541 INFO L290 TraceCheckUtils]: 47: Hoare triple {11380#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11380#false} is VALID [2022-02-20 17:59:19,541 INFO L290 TraceCheckUtils]: 48: Hoare triple {11380#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {11380#false} is VALID [2022-02-20 17:59:19,541 INFO L290 TraceCheckUtils]: 49: Hoare triple {11380#false} assume !(0 != test_~tmp___9~0#1); {11380#false} is VALID [2022-02-20 17:59:19,541 INFO L290 TraceCheckUtils]: 50: Hoare triple {11380#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {11380#false} is VALID [2022-02-20 17:59:19,541 INFO L290 TraceCheckUtils]: 51: Hoare triple {11380#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11380#false} is VALID [2022-02-20 17:59:19,541 INFO L290 TraceCheckUtils]: 52: Hoare triple {11380#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11380#false} is VALID [2022-02-20 17:59:19,542 INFO L290 TraceCheckUtils]: 53: Hoare triple {11380#false} assume { :end_inline_setClientAutoResponse } true; {11380#false} is VALID [2022-02-20 17:59:19,542 INFO L290 TraceCheckUtils]: 54: Hoare triple {11380#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11380#false} is VALID [2022-02-20 17:59:19,542 INFO L290 TraceCheckUtils]: 55: Hoare triple {11380#false} assume !false; {11380#false} is VALID [2022-02-20 17:59:19,542 INFO L290 TraceCheckUtils]: 56: Hoare triple {11380#false} assume !(test_~splverifierCounter~0#1 < 4); {11380#false} is VALID [2022-02-20 17:59:19,542 INFO L290 TraceCheckUtils]: 57: Hoare triple {11380#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {11380#false} is VALID [2022-02-20 17:59:19,542 INFO L272 TraceCheckUtils]: 58: Hoare triple {11380#false} call sendEmail(~bob~0, ~rjh~0); {11380#false} is VALID [2022-02-20 17:59:19,542 INFO L290 TraceCheckUtils]: 59: Hoare triple {11380#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11380#false} is VALID [2022-02-20 17:59:19,542 INFO L272 TraceCheckUtils]: 60: Hoare triple {11380#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:19,542 INFO L290 TraceCheckUtils]: 61: Hoare triple {11436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,542 INFO L290 TraceCheckUtils]: 62: Hoare triple {11379#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,543 INFO L290 TraceCheckUtils]: 63: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,543 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {11379#true} {11380#false} #895#return; {11380#false} is VALID [2022-02-20 17:59:19,543 INFO L272 TraceCheckUtils]: 65: Hoare triple {11380#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11437#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:19,543 INFO L290 TraceCheckUtils]: 66: Hoare triple {11437#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,543 INFO L290 TraceCheckUtils]: 67: Hoare triple {11379#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,543 INFO L290 TraceCheckUtils]: 68: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,543 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {11379#true} {11380#false} #897#return; {11380#false} is VALID [2022-02-20 17:59:19,543 INFO L290 TraceCheckUtils]: 70: Hoare triple {11380#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {11380#false} is VALID [2022-02-20 17:59:19,543 INFO L290 TraceCheckUtils]: 71: Hoare triple {11380#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {11380#false} is VALID [2022-02-20 17:59:19,544 INFO L272 TraceCheckUtils]: 72: Hoare triple {11380#false} call outgoing(~sender#1, ~email~0#1); {11380#false} is VALID [2022-02-20 17:59:19,544 INFO L290 TraceCheckUtils]: 73: Hoare triple {11380#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {11380#false} is VALID [2022-02-20 17:59:19,544 INFO L272 TraceCheckUtils]: 74: Hoare triple {11380#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {11379#true} is VALID [2022-02-20 17:59:19,544 INFO L290 TraceCheckUtils]: 75: Hoare triple {11379#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11379#true} is VALID [2022-02-20 17:59:19,544 INFO L290 TraceCheckUtils]: 76: Hoare triple {11379#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11379#true} is VALID [2022-02-20 17:59:19,544 INFO L290 TraceCheckUtils]: 77: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,544 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {11379#true} {11380#false} #865#return; {11380#false} is VALID [2022-02-20 17:59:19,544 INFO L290 TraceCheckUtils]: 79: Hoare triple {11380#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {11380#false} is VALID [2022-02-20 17:59:19,544 INFO L290 TraceCheckUtils]: 80: Hoare triple {11380#false} assume 0 == sign_~privkey~0#1; {11380#false} is VALID [2022-02-20 17:59:19,544 INFO L290 TraceCheckUtils]: 81: Hoare triple {11380#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {11380#false} is VALID [2022-02-20 17:59:19,545 INFO L290 TraceCheckUtils]: 82: Hoare triple {11380#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {11380#false} is VALID [2022-02-20 17:59:19,545 INFO L290 TraceCheckUtils]: 83: Hoare triple {11380#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {11380#false} is VALID [2022-02-20 17:59:19,545 INFO L272 TraceCheckUtils]: 84: Hoare triple {11380#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {11436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:19,545 INFO L290 TraceCheckUtils]: 85: Hoare triple {11436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11379#true} is VALID [2022-02-20 17:59:19,545 INFO L290 TraceCheckUtils]: 86: Hoare triple {11379#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11379#true} is VALID [2022-02-20 17:59:19,545 INFO L290 TraceCheckUtils]: 87: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,545 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {11379#true} {11380#false} #867#return; {11380#false} is VALID [2022-02-20 17:59:19,545 INFO L290 TraceCheckUtils]: 89: Hoare triple {11380#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {11380#false} is VALID [2022-02-20 17:59:19,545 INFO L272 TraceCheckUtils]: 90: Hoare triple {11380#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {11379#true} is VALID [2022-02-20 17:59:19,545 INFO L290 TraceCheckUtils]: 91: Hoare triple {11379#true} ~handle := #in~handle;havoc ~retValue_acc~25; {11379#true} is VALID [2022-02-20 17:59:19,546 INFO L290 TraceCheckUtils]: 92: Hoare triple {11379#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {11379#true} is VALID [2022-02-20 17:59:19,546 INFO L290 TraceCheckUtils]: 93: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,546 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {11379#true} {11380#false} #869#return; {11380#false} is VALID [2022-02-20 17:59:19,546 INFO L290 TraceCheckUtils]: 95: Hoare triple {11380#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {11380#false} is VALID [2022-02-20 17:59:19,546 INFO L290 TraceCheckUtils]: 96: Hoare triple {11380#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {11380#false} is VALID [2022-02-20 17:59:19,546 INFO L272 TraceCheckUtils]: 97: Hoare triple {11380#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {11379#true} is VALID [2022-02-20 17:59:19,546 INFO L290 TraceCheckUtils]: 98: Hoare triple {11379#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11379#true} is VALID [2022-02-20 17:59:19,546 INFO L290 TraceCheckUtils]: 99: Hoare triple {11379#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11379#true} is VALID [2022-02-20 17:59:19,546 INFO L290 TraceCheckUtils]: 100: Hoare triple {11379#true} assume true; {11379#true} is VALID [2022-02-20 17:59:19,546 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {11379#true} {11380#false} #871#return; {11380#false} is VALID [2022-02-20 17:59:19,547 INFO L290 TraceCheckUtils]: 102: Hoare triple {11380#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {11380#false} is VALID [2022-02-20 17:59:19,547 INFO L290 TraceCheckUtils]: 103: Hoare triple {11380#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {11380#false} is VALID [2022-02-20 17:59:19,547 INFO L290 TraceCheckUtils]: 104: Hoare triple {11380#false} assume !false; {11380#false} is VALID [2022-02-20 17:59:19,547 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:19,547 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:19,547 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [313122273] [2022-02-20 17:59:19,547 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [313122273] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:19,548 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:19,548 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:59:19,548 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2111769320] [2022-02-20 17:59:19,548 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:19,548 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 105 [2022-02-20 17:59:19,549 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:19,549 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:19,597 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 91 edges. 91 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:19,598 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:59:19,598 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:19,599 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:59:19,599 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:19,599 INFO L87 Difference]: Start difference. First operand 339 states and 521 transitions. Second operand has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:23,797 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:23,798 INFO L93 Difference]: Finished difference Result 759 states and 1172 transitions. [2022-02-20 17:59:23,798 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:59:23,798 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 105 [2022-02-20 17:59:23,798 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:23,799 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:23,806 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 986 transitions. [2022-02-20 17:59:23,806 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:23,814 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 986 transitions. [2022-02-20 17:59:23,814 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 986 transitions. [2022-02-20 17:59:24,599 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 986 edges. 986 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:24,611 INFO L225 Difference]: With dead ends: 759 [2022-02-20 17:59:24,611 INFO L226 Difference]: Without dead ends: 443 [2022-02-20 17:59:24,612 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:59:24,614 INFO L933 BasicCegarLoop]: 501 mSDtfsCounter, 1008 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1567 mSolverCounterSat, 292 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1025 SdHoareTripleChecker+Valid, 1316 SdHoareTripleChecker+Invalid, 1859 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 292 IncrementalHoareTripleChecker+Valid, 1567 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:24,614 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1025 Valid, 1316 Invalid, 1859 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [292 Valid, 1567 Invalid, 0 Unknown, 0 Unchecked, 1.8s Time] [2022-02-20 17:59:24,615 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 443 states. [2022-02-20 17:59:24,694 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 443 to 339. [2022-02-20 17:59:24,694 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:24,695 INFO L82 GeneralOperation]: Start isEquivalent. First operand 443 states. Second operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (56), 50 states have call predecessors, (56), 50 states have call successors, (56) [2022-02-20 17:59:24,695 INFO L74 IsIncluded]: Start isIncluded. First operand 443 states. Second operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (56), 50 states have call predecessors, (56), 50 states have call successors, (56) [2022-02-20 17:59:24,696 INFO L87 Difference]: Start difference. First operand 443 states. Second operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (56), 50 states have call predecessors, (56), 50 states have call successors, (56) [2022-02-20 17:59:24,707 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:24,708 INFO L93 Difference]: Finished difference Result 443 states and 682 transitions. [2022-02-20 17:59:24,708 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 682 transitions. [2022-02-20 17:59:24,709 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:24,709 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:24,710 INFO L74 IsIncluded]: Start isIncluded. First operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (56), 50 states have call predecessors, (56), 50 states have call successors, (56) Second operand 443 states. [2022-02-20 17:59:24,711 INFO L87 Difference]: Start difference. First operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (56), 50 states have call predecessors, (56), 50 states have call successors, (56) Second operand 443 states. [2022-02-20 17:59:24,723 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:24,723 INFO L93 Difference]: Finished difference Result 443 states and 682 transitions. [2022-02-20 17:59:24,723 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 682 transitions. [2022-02-20 17:59:24,724 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:24,724 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:24,725 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:24,725 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:24,725 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 339 states, 268 states have (on average 1.541044776119403) internal successors, (413), 271 states have internal predecessors, (413), 51 states have call successors, (51), 17 states have call predecessors, (51), 19 states have return successors, (56), 50 states have call predecessors, (56), 50 states have call successors, (56) [2022-02-20 17:59:24,733 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 339 states to 339 states and 520 transitions. [2022-02-20 17:59:24,734 INFO L78 Accepts]: Start accepts. Automaton has 339 states and 520 transitions. Word has length 105 [2022-02-20 17:59:24,734 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:24,734 INFO L470 AbstractCegarLoop]: Abstraction has 339 states and 520 transitions. [2022-02-20 17:59:24,734 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:24,734 INFO L276 IsEmpty]: Start isEmpty. Operand 339 states and 520 transitions. [2022-02-20 17:59:24,735 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 107 [2022-02-20 17:59:24,735 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:24,735 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:24,736 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:59:24,736 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:24,736 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:24,736 INFO L85 PathProgramCache]: Analyzing trace with hash 855567918, now seen corresponding path program 2 times [2022-02-20 17:59:24,736 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:24,736 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1255180252] [2022-02-20 17:59:24,736 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:24,737 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:24,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,781 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:24,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,783 INFO L290 TraceCheckUtils]: 0: Hoare triple {13955#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,783 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,784 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13901#true} {13901#true} #901#return; {13901#true} is VALID [2022-02-20 17:59:24,788 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:24,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {13956#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,792 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,792 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13901#true} {13901#true} #903#return; {13901#true} is VALID [2022-02-20 17:59:24,792 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:24,793 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,794 INFO L290 TraceCheckUtils]: 0: Hoare triple {13955#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,794 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume !(1 == ~handle); {13901#true} is VALID [2022-02-20 17:59:24,795 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,795 INFO L290 TraceCheckUtils]: 3: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,795 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13901#true} {13901#true} #905#return; {13901#true} is VALID [2022-02-20 17:59:24,795 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:24,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {13956#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume !(1 == ~handle); {13901#true} is VALID [2022-02-20 17:59:24,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,797 INFO L290 TraceCheckUtils]: 3: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,797 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13901#true} {13901#true} #907#return; {13901#true} is VALID [2022-02-20 17:59:24,798 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:24,799 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,808 INFO L290 TraceCheckUtils]: 0: Hoare triple {13955#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13957#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:24,809 INFO L290 TraceCheckUtils]: 1: Hoare triple {13957#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {13957#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:24,809 INFO L290 TraceCheckUtils]: 2: Hoare triple {13957#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13958#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:24,809 INFO L290 TraceCheckUtils]: 3: Hoare triple {13958#(= 2 |setClientId_#in~handle|)} assume true; {13958#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:24,810 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13958#(= 2 |setClientId_#in~handle|)} {13921#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #909#return; {13902#false} is VALID [2022-02-20 17:59:24,810 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:59:24,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,812 INFO L290 TraceCheckUtils]: 0: Hoare triple {13956#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,812 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,812 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,812 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13901#true} {13902#false} #911#return; {13902#false} is VALID [2022-02-20 17:59:24,817 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:59:24,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,819 INFO L290 TraceCheckUtils]: 0: Hoare triple {13959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,819 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,819 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,819 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13901#true} {13902#false} #895#return; {13902#false} is VALID [2022-02-20 17:59:24,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:59:24,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,826 INFO L290 TraceCheckUtils]: 0: Hoare triple {13960#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,826 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,826 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,826 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13901#true} {13902#false} #897#return; {13902#false} is VALID [2022-02-20 17:59:24,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:59:24,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,831 INFO L290 TraceCheckUtils]: 0: Hoare triple {13901#true} ~handle := #in~handle;havoc ~retValue_acc~9; {13901#true} is VALID [2022-02-20 17:59:24,831 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {13901#true} is VALID [2022-02-20 17:59:24,831 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,831 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13901#true} {13902#false} #865#return; {13902#false} is VALID [2022-02-20 17:59:24,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:59:24,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,834 INFO L290 TraceCheckUtils]: 0: Hoare triple {13959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,834 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,834 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,834 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13901#true} {13902#false} #867#return; {13902#false} is VALID [2022-02-20 17:59:24,834 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:59:24,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,836 INFO L290 TraceCheckUtils]: 0: Hoare triple {13901#true} ~handle := #in~handle;havoc ~retValue_acc~25; {13901#true} is VALID [2022-02-20 17:59:24,836 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {13901#true} is VALID [2022-02-20 17:59:24,836 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,836 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13901#true} {13902#false} #869#return; {13902#false} is VALID [2022-02-20 17:59:24,836 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:59:24,837 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:24,839 INFO L290 TraceCheckUtils]: 0: Hoare triple {13901#true} ~handle := #in~handle;havoc ~retValue_acc~9; {13901#true} is VALID [2022-02-20 17:59:24,839 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {13901#true} is VALID [2022-02-20 17:59:24,839 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,839 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13901#true} {13902#false} #871#return; {13902#false} is VALID [2022-02-20 17:59:24,839 INFO L290 TraceCheckUtils]: 0: Hoare triple {13901#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {13901#true} is VALID [2022-02-20 17:59:24,840 INFO L290 TraceCheckUtils]: 1: Hoare triple {13901#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {13901#true} is VALID [2022-02-20 17:59:24,840 INFO L290 TraceCheckUtils]: 2: Hoare triple {13901#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13901#true} is VALID [2022-02-20 17:59:24,840 INFO L290 TraceCheckUtils]: 3: Hoare triple {13901#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {13901#true} is VALID [2022-02-20 17:59:24,840 INFO L290 TraceCheckUtils]: 4: Hoare triple {13901#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {13901#true} is VALID [2022-02-20 17:59:24,840 INFO L290 TraceCheckUtils]: 5: Hoare triple {13901#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13901#true} is VALID [2022-02-20 17:59:24,841 INFO L272 TraceCheckUtils]: 6: Hoare triple {13901#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13955#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:24,841 INFO L290 TraceCheckUtils]: 7: Hoare triple {13955#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,841 INFO L290 TraceCheckUtils]: 8: Hoare triple {13901#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,841 INFO L290 TraceCheckUtils]: 9: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,841 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13901#true} {13901#true} #901#return; {13901#true} is VALID [2022-02-20 17:59:24,841 INFO L290 TraceCheckUtils]: 11: Hoare triple {13901#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13901#true} is VALID [2022-02-20 17:59:24,842 INFO L272 TraceCheckUtils]: 12: Hoare triple {13901#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13956#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:24,842 INFO L290 TraceCheckUtils]: 13: Hoare triple {13956#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,842 INFO L290 TraceCheckUtils]: 14: Hoare triple {13901#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,842 INFO L290 TraceCheckUtils]: 15: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,842 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13901#true} {13901#true} #903#return; {13901#true} is VALID [2022-02-20 17:59:24,842 INFO L290 TraceCheckUtils]: 17: Hoare triple {13901#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13901#true} is VALID [2022-02-20 17:59:24,843 INFO L272 TraceCheckUtils]: 18: Hoare triple {13901#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13955#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:24,843 INFO L290 TraceCheckUtils]: 19: Hoare triple {13955#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,843 INFO L290 TraceCheckUtils]: 20: Hoare triple {13901#true} assume !(1 == ~handle); {13901#true} is VALID [2022-02-20 17:59:24,843 INFO L290 TraceCheckUtils]: 21: Hoare triple {13901#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,843 INFO L290 TraceCheckUtils]: 22: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,843 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13901#true} {13901#true} #905#return; {13901#true} is VALID [2022-02-20 17:59:24,843 INFO L290 TraceCheckUtils]: 24: Hoare triple {13901#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {13901#true} is VALID [2022-02-20 17:59:24,844 INFO L272 TraceCheckUtils]: 25: Hoare triple {13901#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13956#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:24,844 INFO L290 TraceCheckUtils]: 26: Hoare triple {13956#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,844 INFO L290 TraceCheckUtils]: 27: Hoare triple {13901#true} assume !(1 == ~handle); {13901#true} is VALID [2022-02-20 17:59:24,844 INFO L290 TraceCheckUtils]: 28: Hoare triple {13901#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,844 INFO L290 TraceCheckUtils]: 29: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,844 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13901#true} {13901#true} #907#return; {13901#true} is VALID [2022-02-20 17:59:24,845 INFO L290 TraceCheckUtils]: 31: Hoare triple {13901#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13921#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:24,845 INFO L272 TraceCheckUtils]: 32: Hoare triple {13921#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {13955#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:24,845 INFO L290 TraceCheckUtils]: 33: Hoare triple {13955#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13957#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:24,846 INFO L290 TraceCheckUtils]: 34: Hoare triple {13957#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {13957#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:24,846 INFO L290 TraceCheckUtils]: 35: Hoare triple {13957#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13958#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:24,846 INFO L290 TraceCheckUtils]: 36: Hoare triple {13958#(= 2 |setClientId_#in~handle|)} assume true; {13958#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:24,847 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {13958#(= 2 |setClientId_#in~handle|)} {13921#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #909#return; {13902#false} is VALID [2022-02-20 17:59:24,847 INFO L290 TraceCheckUtils]: 38: Hoare triple {13902#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13902#false} is VALID [2022-02-20 17:59:24,847 INFO L272 TraceCheckUtils]: 39: Hoare triple {13902#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13956#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:24,847 INFO L290 TraceCheckUtils]: 40: Hoare triple {13956#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,847 INFO L290 TraceCheckUtils]: 41: Hoare triple {13901#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,847 INFO L290 TraceCheckUtils]: 42: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,847 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {13901#true} {13902#false} #911#return; {13902#false} is VALID [2022-02-20 17:59:24,847 INFO L290 TraceCheckUtils]: 44: Hoare triple {13902#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {13902#false} is VALID [2022-02-20 17:59:24,847 INFO L290 TraceCheckUtils]: 45: Hoare triple {13902#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13902#false} is VALID [2022-02-20 17:59:24,847 INFO L290 TraceCheckUtils]: 46: Hoare triple {13902#false} assume !false; {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 47: Hoare triple {13902#false} assume test_~splverifierCounter~0#1 < 4; {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 48: Hoare triple {13902#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 49: Hoare triple {13902#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 50: Hoare triple {13902#false} assume !(0 != test_~tmp___9~0#1); {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 51: Hoare triple {13902#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 52: Hoare triple {13902#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 53: Hoare triple {13902#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 54: Hoare triple {13902#false} assume { :end_inline_setClientAutoResponse } true; {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 55: Hoare triple {13902#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {13902#false} is VALID [2022-02-20 17:59:24,848 INFO L290 TraceCheckUtils]: 56: Hoare triple {13902#false} assume !false; {13902#false} is VALID [2022-02-20 17:59:24,849 INFO L290 TraceCheckUtils]: 57: Hoare triple {13902#false} assume !(test_~splverifierCounter~0#1 < 4); {13902#false} is VALID [2022-02-20 17:59:24,849 INFO L290 TraceCheckUtils]: 58: Hoare triple {13902#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {13902#false} is VALID [2022-02-20 17:59:24,849 INFO L272 TraceCheckUtils]: 59: Hoare triple {13902#false} call sendEmail(~bob~0, ~rjh~0); {13902#false} is VALID [2022-02-20 17:59:24,849 INFO L290 TraceCheckUtils]: 60: Hoare triple {13902#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13902#false} is VALID [2022-02-20 17:59:24,849 INFO L272 TraceCheckUtils]: 61: Hoare triple {13902#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:24,849 INFO L290 TraceCheckUtils]: 62: Hoare triple {13959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,849 INFO L290 TraceCheckUtils]: 63: Hoare triple {13901#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,849 INFO L290 TraceCheckUtils]: 64: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,849 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {13901#true} {13902#false} #895#return; {13902#false} is VALID [2022-02-20 17:59:24,850 INFO L272 TraceCheckUtils]: 66: Hoare triple {13902#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13960#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:24,850 INFO L290 TraceCheckUtils]: 67: Hoare triple {13960#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,850 INFO L290 TraceCheckUtils]: 68: Hoare triple {13901#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,850 INFO L290 TraceCheckUtils]: 69: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,850 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {13901#true} {13902#false} #897#return; {13902#false} is VALID [2022-02-20 17:59:24,850 INFO L290 TraceCheckUtils]: 71: Hoare triple {13902#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {13902#false} is VALID [2022-02-20 17:59:24,850 INFO L290 TraceCheckUtils]: 72: Hoare triple {13902#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {13902#false} is VALID [2022-02-20 17:59:24,850 INFO L272 TraceCheckUtils]: 73: Hoare triple {13902#false} call outgoing(~sender#1, ~email~0#1); {13902#false} is VALID [2022-02-20 17:59:24,850 INFO L290 TraceCheckUtils]: 74: Hoare triple {13902#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {13902#false} is VALID [2022-02-20 17:59:24,850 INFO L272 TraceCheckUtils]: 75: Hoare triple {13902#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {13901#true} is VALID [2022-02-20 17:59:24,851 INFO L290 TraceCheckUtils]: 76: Hoare triple {13901#true} ~handle := #in~handle;havoc ~retValue_acc~9; {13901#true} is VALID [2022-02-20 17:59:24,851 INFO L290 TraceCheckUtils]: 77: Hoare triple {13901#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {13901#true} is VALID [2022-02-20 17:59:24,851 INFO L290 TraceCheckUtils]: 78: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,851 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {13901#true} {13902#false} #865#return; {13902#false} is VALID [2022-02-20 17:59:24,851 INFO L290 TraceCheckUtils]: 80: Hoare triple {13902#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {13902#false} is VALID [2022-02-20 17:59:24,851 INFO L290 TraceCheckUtils]: 81: Hoare triple {13902#false} assume 0 == sign_~privkey~0#1; {13902#false} is VALID [2022-02-20 17:59:24,851 INFO L290 TraceCheckUtils]: 82: Hoare triple {13902#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {13902#false} is VALID [2022-02-20 17:59:24,851 INFO L290 TraceCheckUtils]: 83: Hoare triple {13902#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {13902#false} is VALID [2022-02-20 17:59:24,851 INFO L290 TraceCheckUtils]: 84: Hoare triple {13902#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {13902#false} is VALID [2022-02-20 17:59:24,851 INFO L272 TraceCheckUtils]: 85: Hoare triple {13902#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {13959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:24,852 INFO L290 TraceCheckUtils]: 86: Hoare triple {13959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13901#true} is VALID [2022-02-20 17:59:24,852 INFO L290 TraceCheckUtils]: 87: Hoare triple {13901#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13901#true} is VALID [2022-02-20 17:59:24,852 INFO L290 TraceCheckUtils]: 88: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,852 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {13901#true} {13902#false} #867#return; {13902#false} is VALID [2022-02-20 17:59:24,852 INFO L290 TraceCheckUtils]: 90: Hoare triple {13902#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {13902#false} is VALID [2022-02-20 17:59:24,852 INFO L272 TraceCheckUtils]: 91: Hoare triple {13902#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {13901#true} is VALID [2022-02-20 17:59:24,852 INFO L290 TraceCheckUtils]: 92: Hoare triple {13901#true} ~handle := #in~handle;havoc ~retValue_acc~25; {13901#true} is VALID [2022-02-20 17:59:24,852 INFO L290 TraceCheckUtils]: 93: Hoare triple {13901#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {13901#true} is VALID [2022-02-20 17:59:24,852 INFO L290 TraceCheckUtils]: 94: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,853 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {13901#true} {13902#false} #869#return; {13902#false} is VALID [2022-02-20 17:59:24,853 INFO L290 TraceCheckUtils]: 96: Hoare triple {13902#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {13902#false} is VALID [2022-02-20 17:59:24,853 INFO L290 TraceCheckUtils]: 97: Hoare triple {13902#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {13902#false} is VALID [2022-02-20 17:59:24,853 INFO L272 TraceCheckUtils]: 98: Hoare triple {13902#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {13901#true} is VALID [2022-02-20 17:59:24,853 INFO L290 TraceCheckUtils]: 99: Hoare triple {13901#true} ~handle := #in~handle;havoc ~retValue_acc~9; {13901#true} is VALID [2022-02-20 17:59:24,853 INFO L290 TraceCheckUtils]: 100: Hoare triple {13901#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {13901#true} is VALID [2022-02-20 17:59:24,853 INFO L290 TraceCheckUtils]: 101: Hoare triple {13901#true} assume true; {13901#true} is VALID [2022-02-20 17:59:24,853 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {13901#true} {13902#false} #871#return; {13902#false} is VALID [2022-02-20 17:59:24,853 INFO L290 TraceCheckUtils]: 103: Hoare triple {13902#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {13902#false} is VALID [2022-02-20 17:59:24,853 INFO L290 TraceCheckUtils]: 104: Hoare triple {13902#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {13902#false} is VALID [2022-02-20 17:59:24,854 INFO L290 TraceCheckUtils]: 105: Hoare triple {13902#false} assume !false; {13902#false} is VALID [2022-02-20 17:59:24,854 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:24,854 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:24,854 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1255180252] [2022-02-20 17:59:24,854 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1255180252] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:24,854 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:24,854 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:59:24,854 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2134984885] [2022-02-20 17:59:24,855 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:24,855 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 17:59:24,855 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:24,856 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:24,906 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 92 edges. 92 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:24,907 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:59:24,907 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:24,907 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:59:24,907 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:24,908 INFO L87 Difference]: Start difference. First operand 339 states and 520 transitions. Second operand has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:28,874 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:28,874 INFO L93 Difference]: Finished difference Result 761 states and 1175 transitions. [2022-02-20 17:59:28,874 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:59:28,874 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 17:59:28,875 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:28,876 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:28,882 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 987 transitions. [2022-02-20 17:59:28,883 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:28,889 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 987 transitions. [2022-02-20 17:59:28,890 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 987 transitions. [2022-02-20 17:59:29,667 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 987 edges. 987 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:29,678 INFO L225 Difference]: With dead ends: 761 [2022-02-20 17:59:29,679 INFO L226 Difference]: Without dead ends: 445 [2022-02-20 17:59:29,679 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:59:29,681 INFO L933 BasicCegarLoop]: 504 mSDtfsCounter, 1002 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1576 mSolverCounterSat, 301 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1019 SdHoareTripleChecker+Valid, 1319 SdHoareTripleChecker+Invalid, 1877 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 301 IncrementalHoareTripleChecker+Valid, 1576 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:29,681 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1019 Valid, 1319 Invalid, 1877 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [301 Valid, 1576 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-02-20 17:59:29,682 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 445 states. [2022-02-20 17:59:29,749 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 445 to 341. [2022-02-20 17:59:29,750 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:29,750 INFO L82 GeneralOperation]: Start isEquivalent. First operand 445 states. Second operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (58), 50 states have call predecessors, (58), 50 states have call successors, (58) [2022-02-20 17:59:29,751 INFO L74 IsIncluded]: Start isIncluded. First operand 445 states. Second operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (58), 50 states have call predecessors, (58), 50 states have call successors, (58) [2022-02-20 17:59:29,752 INFO L87 Difference]: Start difference. First operand 445 states. Second operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (58), 50 states have call predecessors, (58), 50 states have call successors, (58) [2022-02-20 17:59:29,763 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:29,763 INFO L93 Difference]: Finished difference Result 445 states and 685 transitions. [2022-02-20 17:59:29,763 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 685 transitions. [2022-02-20 17:59:29,766 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:29,766 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:29,767 INFO L74 IsIncluded]: Start isIncluded. First operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (58), 50 states have call predecessors, (58), 50 states have call successors, (58) Second operand 445 states. [2022-02-20 17:59:29,767 INFO L87 Difference]: Start difference. First operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (58), 50 states have call predecessors, (58), 50 states have call successors, (58) Second operand 445 states. [2022-02-20 17:59:29,795 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:29,795 INFO L93 Difference]: Finished difference Result 445 states and 685 transitions. [2022-02-20 17:59:29,795 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 685 transitions. [2022-02-20 17:59:29,796 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:29,796 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:29,797 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:29,797 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:29,797 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (58), 50 states have call predecessors, (58), 50 states have call successors, (58) [2022-02-20 17:59:29,806 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 341 states to 341 states and 523 transitions. [2022-02-20 17:59:29,807 INFO L78 Accepts]: Start accepts. Automaton has 341 states and 523 transitions. Word has length 106 [2022-02-20 17:59:29,807 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:29,807 INFO L470 AbstractCegarLoop]: Abstraction has 341 states and 523 transitions. [2022-02-20 17:59:29,807 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:59:29,807 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 523 transitions. [2022-02-20 17:59:29,808 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 108 [2022-02-20 17:59:29,808 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:29,808 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:29,808 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:59:29,809 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:29,809 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:29,809 INFO L85 PathProgramCache]: Analyzing trace with hash -189507835, now seen corresponding path program 1 times [2022-02-20 17:59:29,810 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:29,810 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [853623754] [2022-02-20 17:59:29,810 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:29,810 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:29,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,852 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:29,853 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,854 INFO L290 TraceCheckUtils]: 0: Hoare triple {16488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,854 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,854 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16432#true} {16432#true} #901#return; {16432#true} is VALID [2022-02-20 17:59:29,859 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:29,860 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {16489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,862 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,862 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,862 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16432#true} {16432#true} #903#return; {16432#true} is VALID [2022-02-20 17:59:29,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:29,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,867 INFO L290 TraceCheckUtils]: 0: Hoare triple {16488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,867 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume !(1 == ~handle); {16432#true} is VALID [2022-02-20 17:59:29,867 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,867 INFO L290 TraceCheckUtils]: 3: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,868 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16432#true} {16432#true} #905#return; {16432#true} is VALID [2022-02-20 17:59:29,868 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:29,868 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,870 INFO L290 TraceCheckUtils]: 0: Hoare triple {16489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,870 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume !(1 == ~handle); {16432#true} is VALID [2022-02-20 17:59:29,870 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,870 INFO L290 TraceCheckUtils]: 3: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,870 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16432#true} {16432#true} #907#return; {16432#true} is VALID [2022-02-20 17:59:29,870 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:29,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {16488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,885 INFO L290 TraceCheckUtils]: 1: Hoare triple {16490#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,885 INFO L290 TraceCheckUtils]: 2: Hoare triple {16490#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {16490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,885 INFO L290 TraceCheckUtils]: 3: Hoare triple {16490#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {16491#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,886 INFO L290 TraceCheckUtils]: 4: Hoare triple {16491#(= 3 |setClientId_#in~handle|)} assume true; {16491#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,886 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {16491#(= 3 |setClientId_#in~handle|)} {16452#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #909#return; {16459#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:59:29,886 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:29,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,906 INFO L290 TraceCheckUtils]: 0: Hoare triple {16489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16492#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:29,907 INFO L290 TraceCheckUtils]: 1: Hoare triple {16492#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16493#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:29,907 INFO L290 TraceCheckUtils]: 2: Hoare triple {16493#(= |setClientPrivateKey_#in~handle| 1)} assume true; {16493#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:29,907 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16493#(= |setClientPrivateKey_#in~handle| 1)} {16459#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #911#return; {16433#false} is VALID [2022-02-20 17:59:29,913 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:59:29,914 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {16494#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,915 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,915 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,915 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16432#true} {16433#false} #895#return; {16433#false} is VALID [2022-02-20 17:59:29,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:29,922 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,924 INFO L290 TraceCheckUtils]: 0: Hoare triple {16495#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,924 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,924 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,924 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16432#true} {16433#false} #897#return; {16433#false} is VALID [2022-02-20 17:59:29,924 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:59:29,925 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,926 INFO L290 TraceCheckUtils]: 0: Hoare triple {16432#true} ~handle := #in~handle;havoc ~retValue_acc~9; {16432#true} is VALID [2022-02-20 17:59:29,926 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {16432#true} is VALID [2022-02-20 17:59:29,926 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,926 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16432#true} {16433#false} #865#return; {16433#false} is VALID [2022-02-20 17:59:29,926 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:59:29,927 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,928 INFO L290 TraceCheckUtils]: 0: Hoare triple {16494#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,928 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,928 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,928 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16432#true} {16433#false} #867#return; {16433#false} is VALID [2022-02-20 17:59:29,928 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:59:29,929 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,930 INFO L290 TraceCheckUtils]: 0: Hoare triple {16432#true} ~handle := #in~handle;havoc ~retValue_acc~25; {16432#true} is VALID [2022-02-20 17:59:29,930 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {16432#true} is VALID [2022-02-20 17:59:29,930 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,930 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16432#true} {16433#false} #869#return; {16433#false} is VALID [2022-02-20 17:59:29,930 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:59:29,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {16432#true} ~handle := #in~handle;havoc ~retValue_acc~9; {16432#true} is VALID [2022-02-20 17:59:29,932 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {16432#true} is VALID [2022-02-20 17:59:29,932 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,933 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16432#true} {16433#false} #871#return; {16433#false} is VALID [2022-02-20 17:59:29,933 INFO L290 TraceCheckUtils]: 0: Hoare triple {16432#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {16432#true} is VALID [2022-02-20 17:59:29,933 INFO L290 TraceCheckUtils]: 1: Hoare triple {16432#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {16432#true} is VALID [2022-02-20 17:59:29,933 INFO L290 TraceCheckUtils]: 2: Hoare triple {16432#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16432#true} is VALID [2022-02-20 17:59:29,933 INFO L290 TraceCheckUtils]: 3: Hoare triple {16432#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {16432#true} is VALID [2022-02-20 17:59:29,933 INFO L290 TraceCheckUtils]: 4: Hoare triple {16432#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {16432#true} is VALID [2022-02-20 17:59:29,933 INFO L290 TraceCheckUtils]: 5: Hoare triple {16432#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {16432#true} is VALID [2022-02-20 17:59:29,934 INFO L272 TraceCheckUtils]: 6: Hoare triple {16432#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:29,934 INFO L290 TraceCheckUtils]: 7: Hoare triple {16488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,934 INFO L290 TraceCheckUtils]: 8: Hoare triple {16432#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,934 INFO L290 TraceCheckUtils]: 9: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,934 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {16432#true} {16432#true} #901#return; {16432#true} is VALID [2022-02-20 17:59:29,934 INFO L290 TraceCheckUtils]: 11: Hoare triple {16432#true} assume { :end_inline_setup_bob__wrappee__Base } true; {16432#true} is VALID [2022-02-20 17:59:29,935 INFO L272 TraceCheckUtils]: 12: Hoare triple {16432#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:29,935 INFO L290 TraceCheckUtils]: 13: Hoare triple {16489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,935 INFO L290 TraceCheckUtils]: 14: Hoare triple {16432#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,935 INFO L290 TraceCheckUtils]: 15: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,935 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16432#true} {16432#true} #903#return; {16432#true} is VALID [2022-02-20 17:59:29,935 INFO L290 TraceCheckUtils]: 17: Hoare triple {16432#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {16432#true} is VALID [2022-02-20 17:59:29,936 INFO L272 TraceCheckUtils]: 18: Hoare triple {16432#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:29,936 INFO L290 TraceCheckUtils]: 19: Hoare triple {16488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,936 INFO L290 TraceCheckUtils]: 20: Hoare triple {16432#true} assume !(1 == ~handle); {16432#true} is VALID [2022-02-20 17:59:29,936 INFO L290 TraceCheckUtils]: 21: Hoare triple {16432#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,936 INFO L290 TraceCheckUtils]: 22: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,936 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {16432#true} {16432#true} #905#return; {16432#true} is VALID [2022-02-20 17:59:29,936 INFO L290 TraceCheckUtils]: 24: Hoare triple {16432#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {16432#true} is VALID [2022-02-20 17:59:29,937 INFO L272 TraceCheckUtils]: 25: Hoare triple {16432#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:29,937 INFO L290 TraceCheckUtils]: 26: Hoare triple {16489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,937 INFO L290 TraceCheckUtils]: 27: Hoare triple {16432#true} assume !(1 == ~handle); {16432#true} is VALID [2022-02-20 17:59:29,937 INFO L290 TraceCheckUtils]: 28: Hoare triple {16432#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,937 INFO L290 TraceCheckUtils]: 29: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,937 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {16432#true} {16432#true} #907#return; {16432#true} is VALID [2022-02-20 17:59:29,938 INFO L290 TraceCheckUtils]: 31: Hoare triple {16432#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {16452#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:29,938 INFO L272 TraceCheckUtils]: 32: Hoare triple {16452#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {16488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:29,939 INFO L290 TraceCheckUtils]: 33: Hoare triple {16488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,939 INFO L290 TraceCheckUtils]: 34: Hoare triple {16490#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,939 INFO L290 TraceCheckUtils]: 35: Hoare triple {16490#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {16490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,939 INFO L290 TraceCheckUtils]: 36: Hoare triple {16490#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {16491#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,940 INFO L290 TraceCheckUtils]: 37: Hoare triple {16491#(= 3 |setClientId_#in~handle|)} assume true; {16491#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,940 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {16491#(= 3 |setClientId_#in~handle|)} {16452#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #909#return; {16459#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:59:29,940 INFO L290 TraceCheckUtils]: 39: Hoare triple {16459#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {16459#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:59:29,941 INFO L272 TraceCheckUtils]: 40: Hoare triple {16459#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:29,941 INFO L290 TraceCheckUtils]: 41: Hoare triple {16489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16492#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:29,941 INFO L290 TraceCheckUtils]: 42: Hoare triple {16492#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16493#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:29,942 INFO L290 TraceCheckUtils]: 43: Hoare triple {16493#(= |setClientPrivateKey_#in~handle| 1)} assume true; {16493#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:29,942 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {16493#(= |setClientPrivateKey_#in~handle| 1)} {16459#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #911#return; {16433#false} is VALID [2022-02-20 17:59:29,942 INFO L290 TraceCheckUtils]: 45: Hoare triple {16433#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {16433#false} is VALID [2022-02-20 17:59:29,942 INFO L290 TraceCheckUtils]: 46: Hoare triple {16433#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16433#false} is VALID [2022-02-20 17:59:29,942 INFO L290 TraceCheckUtils]: 47: Hoare triple {16433#false} assume !false; {16433#false} is VALID [2022-02-20 17:59:29,942 INFO L290 TraceCheckUtils]: 48: Hoare triple {16433#false} assume test_~splverifierCounter~0#1 < 4; {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 49: Hoare triple {16433#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 50: Hoare triple {16433#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 51: Hoare triple {16433#false} assume !(0 != test_~tmp___9~0#1); {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 52: Hoare triple {16433#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 53: Hoare triple {16433#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 54: Hoare triple {16433#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 55: Hoare triple {16433#false} assume { :end_inline_setClientAutoResponse } true; {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 56: Hoare triple {16433#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 57: Hoare triple {16433#false} assume !false; {16433#false} is VALID [2022-02-20 17:59:29,943 INFO L290 TraceCheckUtils]: 58: Hoare triple {16433#false} assume !(test_~splverifierCounter~0#1 < 4); {16433#false} is VALID [2022-02-20 17:59:29,944 INFO L290 TraceCheckUtils]: 59: Hoare triple {16433#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {16433#false} is VALID [2022-02-20 17:59:29,944 INFO L272 TraceCheckUtils]: 60: Hoare triple {16433#false} call sendEmail(~bob~0, ~rjh~0); {16433#false} is VALID [2022-02-20 17:59:29,944 INFO L290 TraceCheckUtils]: 61: Hoare triple {16433#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16433#false} is VALID [2022-02-20 17:59:29,944 INFO L272 TraceCheckUtils]: 62: Hoare triple {16433#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16494#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:29,944 INFO L290 TraceCheckUtils]: 63: Hoare triple {16494#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,944 INFO L290 TraceCheckUtils]: 64: Hoare triple {16432#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,944 INFO L290 TraceCheckUtils]: 65: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,944 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {16432#true} {16433#false} #895#return; {16433#false} is VALID [2022-02-20 17:59:29,944 INFO L272 TraceCheckUtils]: 67: Hoare triple {16433#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {16495#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:29,945 INFO L290 TraceCheckUtils]: 68: Hoare triple {16495#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,945 INFO L290 TraceCheckUtils]: 69: Hoare triple {16432#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,945 INFO L290 TraceCheckUtils]: 70: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,945 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {16432#true} {16433#false} #897#return; {16433#false} is VALID [2022-02-20 17:59:29,945 INFO L290 TraceCheckUtils]: 72: Hoare triple {16433#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {16433#false} is VALID [2022-02-20 17:59:29,945 INFO L290 TraceCheckUtils]: 73: Hoare triple {16433#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {16433#false} is VALID [2022-02-20 17:59:29,945 INFO L272 TraceCheckUtils]: 74: Hoare triple {16433#false} call outgoing(~sender#1, ~email~0#1); {16433#false} is VALID [2022-02-20 17:59:29,945 INFO L290 TraceCheckUtils]: 75: Hoare triple {16433#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {16433#false} is VALID [2022-02-20 17:59:29,945 INFO L272 TraceCheckUtils]: 76: Hoare triple {16433#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {16432#true} is VALID [2022-02-20 17:59:29,945 INFO L290 TraceCheckUtils]: 77: Hoare triple {16432#true} ~handle := #in~handle;havoc ~retValue_acc~9; {16432#true} is VALID [2022-02-20 17:59:29,946 INFO L290 TraceCheckUtils]: 78: Hoare triple {16432#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {16432#true} is VALID [2022-02-20 17:59:29,946 INFO L290 TraceCheckUtils]: 79: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,946 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {16432#true} {16433#false} #865#return; {16433#false} is VALID [2022-02-20 17:59:29,946 INFO L290 TraceCheckUtils]: 81: Hoare triple {16433#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {16433#false} is VALID [2022-02-20 17:59:29,946 INFO L290 TraceCheckUtils]: 82: Hoare triple {16433#false} assume 0 == sign_~privkey~0#1; {16433#false} is VALID [2022-02-20 17:59:29,946 INFO L290 TraceCheckUtils]: 83: Hoare triple {16433#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {16433#false} is VALID [2022-02-20 17:59:29,946 INFO L290 TraceCheckUtils]: 84: Hoare triple {16433#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {16433#false} is VALID [2022-02-20 17:59:29,946 INFO L290 TraceCheckUtils]: 85: Hoare triple {16433#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {16433#false} is VALID [2022-02-20 17:59:29,946 INFO L272 TraceCheckUtils]: 86: Hoare triple {16433#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {16494#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:29,947 INFO L290 TraceCheckUtils]: 87: Hoare triple {16494#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16432#true} is VALID [2022-02-20 17:59:29,947 INFO L290 TraceCheckUtils]: 88: Hoare triple {16432#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16432#true} is VALID [2022-02-20 17:59:29,947 INFO L290 TraceCheckUtils]: 89: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,947 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {16432#true} {16433#false} #867#return; {16433#false} is VALID [2022-02-20 17:59:29,947 INFO L290 TraceCheckUtils]: 91: Hoare triple {16433#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {16433#false} is VALID [2022-02-20 17:59:29,947 INFO L272 TraceCheckUtils]: 92: Hoare triple {16433#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {16432#true} is VALID [2022-02-20 17:59:29,947 INFO L290 TraceCheckUtils]: 93: Hoare triple {16432#true} ~handle := #in~handle;havoc ~retValue_acc~25; {16432#true} is VALID [2022-02-20 17:59:29,947 INFO L290 TraceCheckUtils]: 94: Hoare triple {16432#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {16432#true} is VALID [2022-02-20 17:59:29,947 INFO L290 TraceCheckUtils]: 95: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,948 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {16432#true} {16433#false} #869#return; {16433#false} is VALID [2022-02-20 17:59:29,948 INFO L290 TraceCheckUtils]: 97: Hoare triple {16433#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {16433#false} is VALID [2022-02-20 17:59:29,948 INFO L290 TraceCheckUtils]: 98: Hoare triple {16433#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {16433#false} is VALID [2022-02-20 17:59:29,948 INFO L272 TraceCheckUtils]: 99: Hoare triple {16433#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {16432#true} is VALID [2022-02-20 17:59:29,948 INFO L290 TraceCheckUtils]: 100: Hoare triple {16432#true} ~handle := #in~handle;havoc ~retValue_acc~9; {16432#true} is VALID [2022-02-20 17:59:29,948 INFO L290 TraceCheckUtils]: 101: Hoare triple {16432#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {16432#true} is VALID [2022-02-20 17:59:29,948 INFO L290 TraceCheckUtils]: 102: Hoare triple {16432#true} assume true; {16432#true} is VALID [2022-02-20 17:59:29,948 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {16432#true} {16433#false} #871#return; {16433#false} is VALID [2022-02-20 17:59:29,948 INFO L290 TraceCheckUtils]: 104: Hoare triple {16433#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {16433#false} is VALID [2022-02-20 17:59:29,948 INFO L290 TraceCheckUtils]: 105: Hoare triple {16433#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {16433#false} is VALID [2022-02-20 17:59:29,949 INFO L290 TraceCheckUtils]: 106: Hoare triple {16433#false} assume !false; {16433#false} is VALID [2022-02-20 17:59:29,949 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 17:59:29,949 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:29,949 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [853623754] [2022-02-20 17:59:29,949 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [853623754] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:29,949 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:29,949 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:59:29,949 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1439352467] [2022-02-20 17:59:29,950 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:29,950 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 107 [2022-02-20 17:59:29,950 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:29,950 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:30,008 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:30,008 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:59:30,008 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:30,009 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:59:30,009 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:30,009 INFO L87 Difference]: Start difference. First operand 341 states and 523 transitions. Second operand has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:36,359 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:36,359 INFO L93 Difference]: Finished difference Result 759 states and 1170 transitions. [2022-02-20 17:59:36,359 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:59:36,359 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 107 [2022-02-20 17:59:36,360 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:36,360 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:36,366 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 988 transitions. [2022-02-20 17:59:36,366 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:36,372 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 988 transitions. [2022-02-20 17:59:36,372 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 988 transitions. [2022-02-20 17:59:37,144 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 988 edges. 988 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:37,155 INFO L225 Difference]: With dead ends: 759 [2022-02-20 17:59:37,155 INFO L226 Difference]: Without dead ends: 445 [2022-02-20 17:59:37,156 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:59:37,157 INFO L933 BasicCegarLoop]: 488 mSDtfsCounter, 1115 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 2833 mSolverCounterSat, 344 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1115 SdHoareTripleChecker+Valid, 1620 SdHoareTripleChecker+Invalid, 3177 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 344 IncrementalHoareTripleChecker+Valid, 2833 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:37,157 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1115 Valid, 1620 Invalid, 3177 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [344 Valid, 2833 Invalid, 0 Unknown, 0 Unchecked, 2.9s Time] [2022-02-20 17:59:37,157 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 445 states. [2022-02-20 17:59:37,243 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 445 to 341. [2022-02-20 17:59:37,243 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:37,244 INFO L82 GeneralOperation]: Start isEquivalent. First operand 445 states. Second operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) [2022-02-20 17:59:37,245 INFO L74 IsIncluded]: Start isIncluded. First operand 445 states. Second operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) [2022-02-20 17:59:37,245 INFO L87 Difference]: Start difference. First operand 445 states. Second operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) [2022-02-20 17:59:37,255 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:37,256 INFO L93 Difference]: Finished difference Result 445 states and 684 transitions. [2022-02-20 17:59:37,256 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 684 transitions. [2022-02-20 17:59:37,257 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:37,257 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:37,259 INFO L74 IsIncluded]: Start isIncluded. First operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) Second operand 445 states. [2022-02-20 17:59:37,259 INFO L87 Difference]: Start difference. First operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) Second operand 445 states. [2022-02-20 17:59:37,269 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:37,270 INFO L93 Difference]: Finished difference Result 445 states and 684 transitions. [2022-02-20 17:59:37,270 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 684 transitions. [2022-02-20 17:59:37,271 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:37,271 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:37,271 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:37,271 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:37,272 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 341 states, 269 states have (on average 1.5390334572490707) internal successors, (414), 273 states have internal predecessors, (414), 51 states have call successors, (51), 17 states have call predecessors, (51), 20 states have return successors, (57), 50 states have call predecessors, (57), 50 states have call successors, (57) [2022-02-20 17:59:37,279 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 341 states to 341 states and 522 transitions. [2022-02-20 17:59:37,280 INFO L78 Accepts]: Start accepts. Automaton has 341 states and 522 transitions. Word has length 107 [2022-02-20 17:59:37,280 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:37,280 INFO L470 AbstractCegarLoop]: Abstraction has 341 states and 522 transitions. [2022-02-20 17:59:37,280 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:37,280 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 522 transitions. [2022-02-20 17:59:37,281 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 109 [2022-02-20 17:59:37,281 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:37,281 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:37,282 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:59:37,282 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:37,282 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:37,282 INFO L85 PathProgramCache]: Analyzing trace with hash 1159401631, now seen corresponding path program 2 times [2022-02-20 17:59:37,282 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:37,282 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [146025578] [2022-02-20 17:59:37,282 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:37,283 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:37,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,345 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:37,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,353 INFO L290 TraceCheckUtils]: 0: Hoare triple {19029#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,353 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,353 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,353 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18972#true} {18972#true} #901#return; {18972#true} is VALID [2022-02-20 17:59:37,358 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:37,359 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {19030#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,361 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,361 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,361 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18972#true} {18972#true} #903#return; {18972#true} is VALID [2022-02-20 17:59:37,362 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:37,363 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,373 INFO L290 TraceCheckUtils]: 0: Hoare triple {19029#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,373 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume !(1 == ~handle); {18972#true} is VALID [2022-02-20 17:59:37,373 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,373 INFO L290 TraceCheckUtils]: 3: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,373 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18972#true} {18972#true} #905#return; {18972#true} is VALID [2022-02-20 17:59:37,374 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:37,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {19030#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume !(1 == ~handle); {18972#true} is VALID [2022-02-20 17:59:37,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,377 INFO L290 TraceCheckUtils]: 3: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,378 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18972#true} {18972#true} #907#return; {18972#true} is VALID [2022-02-20 17:59:37,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:37,379 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,393 INFO L290 TraceCheckUtils]: 0: Hoare triple {19029#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19031#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,394 INFO L290 TraceCheckUtils]: 1: Hoare triple {19031#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19031#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,394 INFO L290 TraceCheckUtils]: 2: Hoare triple {19031#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19031#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,394 INFO L290 TraceCheckUtils]: 3: Hoare triple {19031#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19032#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,395 INFO L290 TraceCheckUtils]: 4: Hoare triple {19032#(= 3 |setClientId_#in~handle|)} assume true; {19032#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,395 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19032#(= 3 |setClientId_#in~handle|)} {18992#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #909#return; {18999#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:37,396 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:37,397 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,412 INFO L290 TraceCheckUtils]: 0: Hoare triple {19030#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19033#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {19033#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {19033#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,412 INFO L290 TraceCheckUtils]: 2: Hoare triple {19033#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19034#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,413 INFO L290 TraceCheckUtils]: 3: Hoare triple {19034#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {19034#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,413 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19034#(= 2 |setClientPrivateKey_#in~handle|)} {18999#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #911#return; {18973#false} is VALID [2022-02-20 17:59:37,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:59:37,422 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,423 INFO L290 TraceCheckUtils]: 0: Hoare triple {19035#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,423 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,423 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,424 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18972#true} {18973#false} #895#return; {18973#false} is VALID [2022-02-20 17:59:37,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:59:37,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,434 INFO L290 TraceCheckUtils]: 0: Hoare triple {19036#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,434 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,434 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18972#true} {18973#false} #897#return; {18973#false} is VALID [2022-02-20 17:59:37,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:59:37,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,436 INFO L290 TraceCheckUtils]: 0: Hoare triple {18972#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18972#true} is VALID [2022-02-20 17:59:37,436 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18972#true} is VALID [2022-02-20 17:59:37,436 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,436 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18972#true} {18973#false} #865#return; {18973#false} is VALID [2022-02-20 17:59:37,437 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:59:37,437 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,439 INFO L290 TraceCheckUtils]: 0: Hoare triple {19035#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,440 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,440 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,440 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18972#true} {18973#false} #867#return; {18973#false} is VALID [2022-02-20 17:59:37,440 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:59:37,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,443 INFO L290 TraceCheckUtils]: 0: Hoare triple {18972#true} ~handle := #in~handle;havoc ~retValue_acc~25; {18972#true} is VALID [2022-02-20 17:59:37,444 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {18972#true} is VALID [2022-02-20 17:59:37,444 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,444 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18972#true} {18973#false} #869#return; {18973#false} is VALID [2022-02-20 17:59:37,444 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:59:37,445 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,447 INFO L290 TraceCheckUtils]: 0: Hoare triple {18972#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18972#true} is VALID [2022-02-20 17:59:37,447 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18972#true} is VALID [2022-02-20 17:59:37,447 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,447 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18972#true} {18973#false} #871#return; {18973#false} is VALID [2022-02-20 17:59:37,447 INFO L290 TraceCheckUtils]: 0: Hoare triple {18972#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {18972#true} is VALID [2022-02-20 17:59:37,447 INFO L290 TraceCheckUtils]: 1: Hoare triple {18972#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {18972#true} is VALID [2022-02-20 17:59:37,448 INFO L290 TraceCheckUtils]: 2: Hoare triple {18972#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18972#true} is VALID [2022-02-20 17:59:37,448 INFO L290 TraceCheckUtils]: 3: Hoare triple {18972#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {18972#true} is VALID [2022-02-20 17:59:37,448 INFO L290 TraceCheckUtils]: 4: Hoare triple {18972#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {18972#true} is VALID [2022-02-20 17:59:37,448 INFO L290 TraceCheckUtils]: 5: Hoare triple {18972#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18972#true} is VALID [2022-02-20 17:59:37,449 INFO L272 TraceCheckUtils]: 6: Hoare triple {18972#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19029#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:37,449 INFO L290 TraceCheckUtils]: 7: Hoare triple {19029#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,449 INFO L290 TraceCheckUtils]: 8: Hoare triple {18972#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,449 INFO L290 TraceCheckUtils]: 9: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,449 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18972#true} {18972#true} #901#return; {18972#true} is VALID [2022-02-20 17:59:37,449 INFO L290 TraceCheckUtils]: 11: Hoare triple {18972#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18972#true} is VALID [2022-02-20 17:59:37,450 INFO L272 TraceCheckUtils]: 12: Hoare triple {18972#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19030#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:37,450 INFO L290 TraceCheckUtils]: 13: Hoare triple {19030#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,450 INFO L290 TraceCheckUtils]: 14: Hoare triple {18972#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,450 INFO L290 TraceCheckUtils]: 15: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,450 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18972#true} {18972#true} #903#return; {18972#true} is VALID [2022-02-20 17:59:37,450 INFO L290 TraceCheckUtils]: 17: Hoare triple {18972#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18972#true} is VALID [2022-02-20 17:59:37,451 INFO L272 TraceCheckUtils]: 18: Hoare triple {18972#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19029#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:37,451 INFO L290 TraceCheckUtils]: 19: Hoare triple {19029#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,451 INFO L290 TraceCheckUtils]: 20: Hoare triple {18972#true} assume !(1 == ~handle); {18972#true} is VALID [2022-02-20 17:59:37,451 INFO L290 TraceCheckUtils]: 21: Hoare triple {18972#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,452 INFO L290 TraceCheckUtils]: 22: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,452 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18972#true} {18972#true} #905#return; {18972#true} is VALID [2022-02-20 17:59:37,452 INFO L290 TraceCheckUtils]: 24: Hoare triple {18972#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18972#true} is VALID [2022-02-20 17:59:37,452 INFO L272 TraceCheckUtils]: 25: Hoare triple {18972#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19030#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:37,453 INFO L290 TraceCheckUtils]: 26: Hoare triple {19030#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,453 INFO L290 TraceCheckUtils]: 27: Hoare triple {18972#true} assume !(1 == ~handle); {18972#true} is VALID [2022-02-20 17:59:37,453 INFO L290 TraceCheckUtils]: 28: Hoare triple {18972#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,453 INFO L290 TraceCheckUtils]: 29: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,453 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18972#true} {18972#true} #907#return; {18972#true} is VALID [2022-02-20 17:59:37,453 INFO L290 TraceCheckUtils]: 31: Hoare triple {18972#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18992#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:37,454 INFO L272 TraceCheckUtils]: 32: Hoare triple {18992#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19029#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:37,454 INFO L290 TraceCheckUtils]: 33: Hoare triple {19029#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19031#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,455 INFO L290 TraceCheckUtils]: 34: Hoare triple {19031#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19031#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,455 INFO L290 TraceCheckUtils]: 35: Hoare triple {19031#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19031#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,455 INFO L290 TraceCheckUtils]: 36: Hoare triple {19031#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19032#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,456 INFO L290 TraceCheckUtils]: 37: Hoare triple {19032#(= 3 |setClientId_#in~handle|)} assume true; {19032#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,456 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {19032#(= 3 |setClientId_#in~handle|)} {18992#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #909#return; {18999#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:37,457 INFO L290 TraceCheckUtils]: 39: Hoare triple {18999#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {18999#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:37,457 INFO L272 TraceCheckUtils]: 40: Hoare triple {18999#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19030#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:37,457 INFO L290 TraceCheckUtils]: 41: Hoare triple {19030#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19033#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,458 INFO L290 TraceCheckUtils]: 42: Hoare triple {19033#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {19033#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,458 INFO L290 TraceCheckUtils]: 43: Hoare triple {19033#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19034#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,458 INFO L290 TraceCheckUtils]: 44: Hoare triple {19034#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {19034#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,459 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {19034#(= 2 |setClientPrivateKey_#in~handle|)} {18999#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #911#return; {18973#false} is VALID [2022-02-20 17:59:37,459 INFO L290 TraceCheckUtils]: 46: Hoare triple {18973#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {18973#false} is VALID [2022-02-20 17:59:37,459 INFO L290 TraceCheckUtils]: 47: Hoare triple {18973#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18973#false} is VALID [2022-02-20 17:59:37,459 INFO L290 TraceCheckUtils]: 48: Hoare triple {18973#false} assume !false; {18973#false} is VALID [2022-02-20 17:59:37,459 INFO L290 TraceCheckUtils]: 49: Hoare triple {18973#false} assume test_~splverifierCounter~0#1 < 4; {18973#false} is VALID [2022-02-20 17:59:37,460 INFO L290 TraceCheckUtils]: 50: Hoare triple {18973#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18973#false} is VALID [2022-02-20 17:59:37,460 INFO L290 TraceCheckUtils]: 51: Hoare triple {18973#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {18973#false} is VALID [2022-02-20 17:59:37,460 INFO L290 TraceCheckUtils]: 52: Hoare triple {18973#false} assume !(0 != test_~tmp___9~0#1); {18973#false} is VALID [2022-02-20 17:59:37,460 INFO L290 TraceCheckUtils]: 53: Hoare triple {18973#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {18973#false} is VALID [2022-02-20 17:59:37,460 INFO L290 TraceCheckUtils]: 54: Hoare triple {18973#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {18973#false} is VALID [2022-02-20 17:59:37,460 INFO L290 TraceCheckUtils]: 55: Hoare triple {18973#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {18973#false} is VALID [2022-02-20 17:59:37,460 INFO L290 TraceCheckUtils]: 56: Hoare triple {18973#false} assume { :end_inline_setClientAutoResponse } true; {18973#false} is VALID [2022-02-20 17:59:37,460 INFO L290 TraceCheckUtils]: 57: Hoare triple {18973#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {18973#false} is VALID [2022-02-20 17:59:37,461 INFO L290 TraceCheckUtils]: 58: Hoare triple {18973#false} assume !false; {18973#false} is VALID [2022-02-20 17:59:37,461 INFO L290 TraceCheckUtils]: 59: Hoare triple {18973#false} assume !(test_~splverifierCounter~0#1 < 4); {18973#false} is VALID [2022-02-20 17:59:37,461 INFO L290 TraceCheckUtils]: 60: Hoare triple {18973#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {18973#false} is VALID [2022-02-20 17:59:37,461 INFO L272 TraceCheckUtils]: 61: Hoare triple {18973#false} call sendEmail(~bob~0, ~rjh~0); {18973#false} is VALID [2022-02-20 17:59:37,461 INFO L290 TraceCheckUtils]: 62: Hoare triple {18973#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18973#false} is VALID [2022-02-20 17:59:37,461 INFO L272 TraceCheckUtils]: 63: Hoare triple {18973#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19035#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:37,461 INFO L290 TraceCheckUtils]: 64: Hoare triple {19035#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,461 INFO L290 TraceCheckUtils]: 65: Hoare triple {18972#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,462 INFO L290 TraceCheckUtils]: 66: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,462 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {18972#true} {18973#false} #895#return; {18973#false} is VALID [2022-02-20 17:59:37,462 INFO L272 TraceCheckUtils]: 68: Hoare triple {18973#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19036#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:37,462 INFO L290 TraceCheckUtils]: 69: Hoare triple {19036#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,462 INFO L290 TraceCheckUtils]: 70: Hoare triple {18972#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,462 INFO L290 TraceCheckUtils]: 71: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,462 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {18972#true} {18973#false} #897#return; {18973#false} is VALID [2022-02-20 17:59:37,462 INFO L290 TraceCheckUtils]: 73: Hoare triple {18973#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {18973#false} is VALID [2022-02-20 17:59:37,463 INFO L290 TraceCheckUtils]: 74: Hoare triple {18973#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {18973#false} is VALID [2022-02-20 17:59:37,463 INFO L272 TraceCheckUtils]: 75: Hoare triple {18973#false} call outgoing(~sender#1, ~email~0#1); {18973#false} is VALID [2022-02-20 17:59:37,463 INFO L290 TraceCheckUtils]: 76: Hoare triple {18973#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {18973#false} is VALID [2022-02-20 17:59:37,463 INFO L272 TraceCheckUtils]: 77: Hoare triple {18973#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {18972#true} is VALID [2022-02-20 17:59:37,463 INFO L290 TraceCheckUtils]: 78: Hoare triple {18972#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18972#true} is VALID [2022-02-20 17:59:37,463 INFO L290 TraceCheckUtils]: 79: Hoare triple {18972#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18972#true} is VALID [2022-02-20 17:59:37,463 INFO L290 TraceCheckUtils]: 80: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,463 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {18972#true} {18973#false} #865#return; {18973#false} is VALID [2022-02-20 17:59:37,464 INFO L290 TraceCheckUtils]: 82: Hoare triple {18973#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {18973#false} is VALID [2022-02-20 17:59:37,464 INFO L290 TraceCheckUtils]: 83: Hoare triple {18973#false} assume 0 == sign_~privkey~0#1; {18973#false} is VALID [2022-02-20 17:59:37,464 INFO L290 TraceCheckUtils]: 84: Hoare triple {18973#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {18973#false} is VALID [2022-02-20 17:59:37,464 INFO L290 TraceCheckUtils]: 85: Hoare triple {18973#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {18973#false} is VALID [2022-02-20 17:59:37,464 INFO L290 TraceCheckUtils]: 86: Hoare triple {18973#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {18973#false} is VALID [2022-02-20 17:59:37,464 INFO L272 TraceCheckUtils]: 87: Hoare triple {18973#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {19035#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:37,464 INFO L290 TraceCheckUtils]: 88: Hoare triple {19035#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18972#true} is VALID [2022-02-20 17:59:37,464 INFO L290 TraceCheckUtils]: 89: Hoare triple {18972#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18972#true} is VALID [2022-02-20 17:59:37,465 INFO L290 TraceCheckUtils]: 90: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,465 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {18972#true} {18973#false} #867#return; {18973#false} is VALID [2022-02-20 17:59:37,465 INFO L290 TraceCheckUtils]: 92: Hoare triple {18973#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {18973#false} is VALID [2022-02-20 17:59:37,465 INFO L272 TraceCheckUtils]: 93: Hoare triple {18973#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {18972#true} is VALID [2022-02-20 17:59:37,465 INFO L290 TraceCheckUtils]: 94: Hoare triple {18972#true} ~handle := #in~handle;havoc ~retValue_acc~25; {18972#true} is VALID [2022-02-20 17:59:37,465 INFO L290 TraceCheckUtils]: 95: Hoare triple {18972#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {18972#true} is VALID [2022-02-20 17:59:37,465 INFO L290 TraceCheckUtils]: 96: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,465 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {18972#true} {18973#false} #869#return; {18973#false} is VALID [2022-02-20 17:59:37,466 INFO L290 TraceCheckUtils]: 98: Hoare triple {18973#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {18973#false} is VALID [2022-02-20 17:59:37,466 INFO L290 TraceCheckUtils]: 99: Hoare triple {18973#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {18973#false} is VALID [2022-02-20 17:59:37,466 INFO L272 TraceCheckUtils]: 100: Hoare triple {18973#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {18972#true} is VALID [2022-02-20 17:59:37,466 INFO L290 TraceCheckUtils]: 101: Hoare triple {18972#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18972#true} is VALID [2022-02-20 17:59:37,466 INFO L290 TraceCheckUtils]: 102: Hoare triple {18972#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18972#true} is VALID [2022-02-20 17:59:37,466 INFO L290 TraceCheckUtils]: 103: Hoare triple {18972#true} assume true; {18972#true} is VALID [2022-02-20 17:59:37,466 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {18972#true} {18973#false} #871#return; {18973#false} is VALID [2022-02-20 17:59:37,466 INFO L290 TraceCheckUtils]: 105: Hoare triple {18973#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {18973#false} is VALID [2022-02-20 17:59:37,467 INFO L290 TraceCheckUtils]: 106: Hoare triple {18973#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {18973#false} is VALID [2022-02-20 17:59:37,467 INFO L290 TraceCheckUtils]: 107: Hoare triple {18973#false} assume !false; {18973#false} is VALID [2022-02-20 17:59:37,467 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 17:59:37,467 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:37,467 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [146025578] [2022-02-20 17:59:37,467 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [146025578] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:37,468 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:37,468 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:59:37,468 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1968264348] [2022-02-20 17:59:37,468 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:37,468 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 108 [2022-02-20 17:59:37,469 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:37,469 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:37,534 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:37,534 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:59:37,534 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:37,535 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:59:37,535 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:37,535 INFO L87 Difference]: Start difference. First operand 341 states and 522 transitions. Second operand has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:44,685 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:44,685 INFO L93 Difference]: Finished difference Result 761 states and 1176 transitions. [2022-02-20 17:59:44,685 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:59:44,685 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 108 [2022-02-20 17:59:44,686 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:44,686 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:44,692 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 989 transitions. [2022-02-20 17:59:44,692 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:44,698 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 989 transitions. [2022-02-20 17:59:44,698 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 989 transitions. [2022-02-20 17:59:45,442 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 989 edges. 989 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:45,453 INFO L225 Difference]: With dead ends: 761 [2022-02-20 17:59:45,453 INFO L226 Difference]: Without dead ends: 447 [2022-02-20 17:59:45,454 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:59:45,456 INFO L933 BasicCegarLoop]: 491 mSDtfsCounter, 1109 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 2880 mSolverCounterSat, 339 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1109 SdHoareTripleChecker+Valid, 1623 SdHoareTripleChecker+Invalid, 3219 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 339 IncrementalHoareTripleChecker+Valid, 2880 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.2s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:45,456 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1109 Valid, 1623 Invalid, 3219 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [339 Valid, 2880 Invalid, 0 Unknown, 0 Unchecked, 3.2s Time] [2022-02-20 17:59:45,456 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 447 states. [2022-02-20 17:59:45,545 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 447 to 343. [2022-02-20 17:59:45,545 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:45,545 INFO L82 GeneralOperation]: Start isEquivalent. First operand 447 states. Second operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 275 states have internal predecessors, (415), 51 states have call successors, (51), 17 states have call predecessors, (51), 21 states have return successors, (62), 50 states have call predecessors, (62), 50 states have call successors, (62) [2022-02-20 17:59:45,546 INFO L74 IsIncluded]: Start isIncluded. First operand 447 states. Second operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 275 states have internal predecessors, (415), 51 states have call successors, (51), 17 states have call predecessors, (51), 21 states have return successors, (62), 50 states have call predecessors, (62), 50 states have call successors, (62) [2022-02-20 17:59:45,547 INFO L87 Difference]: Start difference. First operand 447 states. Second operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 275 states have internal predecessors, (415), 51 states have call successors, (51), 17 states have call predecessors, (51), 21 states have return successors, (62), 50 states have call predecessors, (62), 50 states have call successors, (62) [2022-02-20 17:59:45,558 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:45,558 INFO L93 Difference]: Finished difference Result 447 states and 690 transitions. [2022-02-20 17:59:45,558 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 690 transitions. [2022-02-20 17:59:45,559 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:45,559 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:45,560 INFO L74 IsIncluded]: Start isIncluded. First operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 275 states have internal predecessors, (415), 51 states have call successors, (51), 17 states have call predecessors, (51), 21 states have return successors, (62), 50 states have call predecessors, (62), 50 states have call successors, (62) Second operand 447 states. [2022-02-20 17:59:45,560 INFO L87 Difference]: Start difference. First operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 275 states have internal predecessors, (415), 51 states have call successors, (51), 17 states have call predecessors, (51), 21 states have return successors, (62), 50 states have call predecessors, (62), 50 states have call successors, (62) Second operand 447 states. [2022-02-20 17:59:45,589 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:45,590 INFO L93 Difference]: Finished difference Result 447 states and 690 transitions. [2022-02-20 17:59:45,590 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 690 transitions. [2022-02-20 17:59:45,591 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:45,591 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:45,591 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:45,592 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:45,592 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 275 states have internal predecessors, (415), 51 states have call successors, (51), 17 states have call predecessors, (51), 21 states have return successors, (62), 50 states have call predecessors, (62), 50 states have call successors, (62) [2022-02-20 17:59:45,599 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 343 states to 343 states and 528 transitions. [2022-02-20 17:59:45,599 INFO L78 Accepts]: Start accepts. Automaton has 343 states and 528 transitions. Word has length 108 [2022-02-20 17:59:45,600 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:45,600 INFO L470 AbstractCegarLoop]: Abstraction has 343 states and 528 transitions. [2022-02-20 17:59:45,600 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:59:45,600 INFO L276 IsEmpty]: Start isEmpty. Operand 343 states and 528 transitions. [2022-02-20 17:59:45,602 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 110 [2022-02-20 17:59:45,602 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:45,602 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:45,602 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 17:59:45,602 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:45,603 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:45,603 INFO L85 PathProgramCache]: Analyzing trace with hash -2042043830, now seen corresponding path program 1 times [2022-02-20 17:59:45,603 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:45,603 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1499681195] [2022-02-20 17:59:45,603 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:45,603 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:45,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,681 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:45,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {21580#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,684 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,684 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21521#true} {21521#true} #901#return; {21521#true} is VALID [2022-02-20 17:59:45,689 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:45,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {21581#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,692 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21521#true} {21521#true} #903#return; {21521#true} is VALID [2022-02-20 17:59:45,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:45,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {21580#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21582#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:45,706 INFO L290 TraceCheckUtils]: 1: Hoare triple {21582#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21582#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:45,706 INFO L290 TraceCheckUtils]: 2: Hoare triple {21582#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21583#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:45,706 INFO L290 TraceCheckUtils]: 3: Hoare triple {21583#(= 2 |setClientId_#in~handle|)} assume true; {21583#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:45,707 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21583#(= 2 |setClientId_#in~handle|)} {21531#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #905#return; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:45,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {21581#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,710 INFO L290 TraceCheckUtils]: 3: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,710 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21521#true} {21537#(not (= ~rjh~0 1))} #907#return; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,710 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:45,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {21580#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,714 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume !(2 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,714 INFO L290 TraceCheckUtils]: 3: Hoare triple {21521#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,714 INFO L290 TraceCheckUtils]: 4: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,715 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21521#true} {21537#(not (= ~rjh~0 1))} #909#return; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:45,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,718 INFO L290 TraceCheckUtils]: 0: Hoare triple {21581#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,718 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,718 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume !(2 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,718 INFO L290 TraceCheckUtils]: 3: Hoare triple {21521#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,719 INFO L290 TraceCheckUtils]: 4: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,719 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21521#true} {21537#(not (= ~rjh~0 1))} #911#return; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:59:45,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,728 INFO L290 TraceCheckUtils]: 0: Hoare triple {21584#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,728 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,728 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,728 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21521#true} {21522#false} #895#return; {21522#false} is VALID [2022-02-20 17:59:45,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:59:45,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,737 INFO L290 TraceCheckUtils]: 0: Hoare triple {21585#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,737 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,737 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,737 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21521#true} {21522#false} #897#return; {21522#false} is VALID [2022-02-20 17:59:45,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:59:45,738 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,739 INFO L290 TraceCheckUtils]: 0: Hoare triple {21521#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:45,739 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:45,739 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,739 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21521#true} {21522#false} #865#return; {21522#false} is VALID [2022-02-20 17:59:45,739 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:59:45,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,745 INFO L290 TraceCheckUtils]: 0: Hoare triple {21584#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,745 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,745 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,745 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21521#true} {21522#false} #867#return; {21522#false} is VALID [2022-02-20 17:59:45,745 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:59:45,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,747 INFO L290 TraceCheckUtils]: 0: Hoare triple {21521#true} ~handle := #in~handle;havoc ~retValue_acc~25; {21521#true} is VALID [2022-02-20 17:59:45,747 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {21521#true} is VALID [2022-02-20 17:59:45,747 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,747 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21521#true} {21522#false} #869#return; {21522#false} is VALID [2022-02-20 17:59:45,747 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:45,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,749 INFO L290 TraceCheckUtils]: 0: Hoare triple {21521#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:45,749 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:45,749 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,749 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21521#true} {21522#false} #871#return; {21522#false} is VALID [2022-02-20 17:59:45,749 INFO L290 TraceCheckUtils]: 0: Hoare triple {21521#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {21521#true} is VALID [2022-02-20 17:59:45,749 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {21521#true} is VALID [2022-02-20 17:59:45,750 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21521#true} is VALID [2022-02-20 17:59:45,750 INFO L290 TraceCheckUtils]: 3: Hoare triple {21521#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {21521#true} is VALID [2022-02-20 17:59:45,750 INFO L290 TraceCheckUtils]: 4: Hoare triple {21521#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {21521#true} is VALID [2022-02-20 17:59:45,750 INFO L290 TraceCheckUtils]: 5: Hoare triple {21521#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21521#true} is VALID [2022-02-20 17:59:45,750 INFO L272 TraceCheckUtils]: 6: Hoare triple {21521#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21580#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:45,751 INFO L290 TraceCheckUtils]: 7: Hoare triple {21580#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,751 INFO L290 TraceCheckUtils]: 8: Hoare triple {21521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,751 INFO L290 TraceCheckUtils]: 9: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,751 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21521#true} {21521#true} #901#return; {21521#true} is VALID [2022-02-20 17:59:45,751 INFO L290 TraceCheckUtils]: 11: Hoare triple {21521#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21521#true} is VALID [2022-02-20 17:59:45,751 INFO L272 TraceCheckUtils]: 12: Hoare triple {21521#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21581#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:45,752 INFO L290 TraceCheckUtils]: 13: Hoare triple {21581#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,752 INFO L290 TraceCheckUtils]: 14: Hoare triple {21521#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,752 INFO L290 TraceCheckUtils]: 15: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,752 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21521#true} {21521#true} #903#return; {21521#true} is VALID [2022-02-20 17:59:45,752 INFO L290 TraceCheckUtils]: 17: Hoare triple {21521#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21531#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:59:45,753 INFO L272 TraceCheckUtils]: 18: Hoare triple {21531#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21580#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:45,753 INFO L290 TraceCheckUtils]: 19: Hoare triple {21580#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21582#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:45,753 INFO L290 TraceCheckUtils]: 20: Hoare triple {21582#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21582#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:45,754 INFO L290 TraceCheckUtils]: 21: Hoare triple {21582#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21583#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:45,754 INFO L290 TraceCheckUtils]: 22: Hoare triple {21583#(= 2 |setClientId_#in~handle|)} assume true; {21583#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:45,755 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21583#(= 2 |setClientId_#in~handle|)} {21531#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #905#return; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,755 INFO L290 TraceCheckUtils]: 24: Hoare triple {21537#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,755 INFO L272 TraceCheckUtils]: 25: Hoare triple {21537#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21581#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:45,756 INFO L290 TraceCheckUtils]: 26: Hoare triple {21581#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,756 INFO L290 TraceCheckUtils]: 27: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,756 INFO L290 TraceCheckUtils]: 28: Hoare triple {21521#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,756 INFO L290 TraceCheckUtils]: 29: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,756 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21521#true} {21537#(not (= ~rjh~0 1))} #907#return; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,756 INFO L290 TraceCheckUtils]: 31: Hoare triple {21537#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,757 INFO L272 TraceCheckUtils]: 32: Hoare triple {21537#(not (= ~rjh~0 1))} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21580#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:45,757 INFO L290 TraceCheckUtils]: 33: Hoare triple {21580#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,757 INFO L290 TraceCheckUtils]: 34: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,757 INFO L290 TraceCheckUtils]: 35: Hoare triple {21521#true} assume !(2 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,757 INFO L290 TraceCheckUtils]: 36: Hoare triple {21521#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,758 INFO L290 TraceCheckUtils]: 37: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,758 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21521#true} {21537#(not (= ~rjh~0 1))} #909#return; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,758 INFO L290 TraceCheckUtils]: 39: Hoare triple {21537#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,759 INFO L272 TraceCheckUtils]: 40: Hoare triple {21537#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21581#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:45,759 INFO L290 TraceCheckUtils]: 41: Hoare triple {21581#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,759 INFO L290 TraceCheckUtils]: 42: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,759 INFO L290 TraceCheckUtils]: 43: Hoare triple {21521#true} assume !(2 == ~handle); {21521#true} is VALID [2022-02-20 17:59:45,759 INFO L290 TraceCheckUtils]: 44: Hoare triple {21521#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,759 INFO L290 TraceCheckUtils]: 45: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,760 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {21521#true} {21537#(not (= ~rjh~0 1))} #911#return; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,760 INFO L290 TraceCheckUtils]: 47: Hoare triple {21537#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,760 INFO L290 TraceCheckUtils]: 48: Hoare triple {21537#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,761 INFO L290 TraceCheckUtils]: 49: Hoare triple {21537#(not (= ~rjh~0 1))} assume !false; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,761 INFO L290 TraceCheckUtils]: 50: Hoare triple {21537#(not (= ~rjh~0 1))} assume test_~splverifierCounter~0#1 < 4; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,761 INFO L290 TraceCheckUtils]: 51: Hoare triple {21537#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,761 INFO L290 TraceCheckUtils]: 52: Hoare triple {21537#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,762 INFO L290 TraceCheckUtils]: 53: Hoare triple {21537#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,762 INFO L290 TraceCheckUtils]: 54: Hoare triple {21537#(not (= ~rjh~0 1))} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {21537#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:59:45,762 INFO L290 TraceCheckUtils]: 55: Hoare triple {21537#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {21555#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID [2022-02-20 17:59:45,763 INFO L290 TraceCheckUtils]: 56: Hoare triple {21555#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {21522#false} is VALID [2022-02-20 17:59:45,763 INFO L290 TraceCheckUtils]: 57: Hoare triple {21522#false} assume { :end_inline_setClientAutoResponse } true; {21522#false} is VALID [2022-02-20 17:59:45,763 INFO L290 TraceCheckUtils]: 58: Hoare triple {21522#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {21522#false} is VALID [2022-02-20 17:59:45,763 INFO L290 TraceCheckUtils]: 59: Hoare triple {21522#false} assume !false; {21522#false} is VALID [2022-02-20 17:59:45,763 INFO L290 TraceCheckUtils]: 60: Hoare triple {21522#false} assume !(test_~splverifierCounter~0#1 < 4); {21522#false} is VALID [2022-02-20 17:59:45,763 INFO L290 TraceCheckUtils]: 61: Hoare triple {21522#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {21522#false} is VALID [2022-02-20 17:59:45,763 INFO L272 TraceCheckUtils]: 62: Hoare triple {21522#false} call sendEmail(~bob~0, ~rjh~0); {21522#false} is VALID [2022-02-20 17:59:45,763 INFO L290 TraceCheckUtils]: 63: Hoare triple {21522#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21522#false} is VALID [2022-02-20 17:59:45,763 INFO L272 TraceCheckUtils]: 64: Hoare triple {21522#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21584#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:45,763 INFO L290 TraceCheckUtils]: 65: Hoare triple {21584#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,764 INFO L290 TraceCheckUtils]: 66: Hoare triple {21521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,764 INFO L290 TraceCheckUtils]: 67: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,764 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {21521#true} {21522#false} #895#return; {21522#false} is VALID [2022-02-20 17:59:45,764 INFO L272 TraceCheckUtils]: 69: Hoare triple {21522#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21585#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:45,764 INFO L290 TraceCheckUtils]: 70: Hoare triple {21585#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,764 INFO L290 TraceCheckUtils]: 71: Hoare triple {21521#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,764 INFO L290 TraceCheckUtils]: 72: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,764 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {21521#true} {21522#false} #897#return; {21522#false} is VALID [2022-02-20 17:59:45,764 INFO L290 TraceCheckUtils]: 74: Hoare triple {21522#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {21522#false} is VALID [2022-02-20 17:59:45,764 INFO L290 TraceCheckUtils]: 75: Hoare triple {21522#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {21522#false} is VALID [2022-02-20 17:59:45,765 INFO L272 TraceCheckUtils]: 76: Hoare triple {21522#false} call outgoing(~sender#1, ~email~0#1); {21522#false} is VALID [2022-02-20 17:59:45,765 INFO L290 TraceCheckUtils]: 77: Hoare triple {21522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {21522#false} is VALID [2022-02-20 17:59:45,765 INFO L272 TraceCheckUtils]: 78: Hoare triple {21522#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {21521#true} is VALID [2022-02-20 17:59:45,765 INFO L290 TraceCheckUtils]: 79: Hoare triple {21521#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:45,765 INFO L290 TraceCheckUtils]: 80: Hoare triple {21521#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:45,765 INFO L290 TraceCheckUtils]: 81: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,765 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {21521#true} {21522#false} #865#return; {21522#false} is VALID [2022-02-20 17:59:45,765 INFO L290 TraceCheckUtils]: 83: Hoare triple {21522#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {21522#false} is VALID [2022-02-20 17:59:45,765 INFO L290 TraceCheckUtils]: 84: Hoare triple {21522#false} assume 0 == sign_~privkey~0#1; {21522#false} is VALID [2022-02-20 17:59:45,765 INFO L290 TraceCheckUtils]: 85: Hoare triple {21522#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {21522#false} is VALID [2022-02-20 17:59:45,766 INFO L290 TraceCheckUtils]: 86: Hoare triple {21522#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {21522#false} is VALID [2022-02-20 17:59:45,766 INFO L290 TraceCheckUtils]: 87: Hoare triple {21522#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {21522#false} is VALID [2022-02-20 17:59:45,766 INFO L272 TraceCheckUtils]: 88: Hoare triple {21522#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {21584#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:45,766 INFO L290 TraceCheckUtils]: 89: Hoare triple {21584#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:45,766 INFO L290 TraceCheckUtils]: 90: Hoare triple {21521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:45,766 INFO L290 TraceCheckUtils]: 91: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,766 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {21521#true} {21522#false} #867#return; {21522#false} is VALID [2022-02-20 17:59:45,766 INFO L290 TraceCheckUtils]: 93: Hoare triple {21522#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {21522#false} is VALID [2022-02-20 17:59:45,766 INFO L272 TraceCheckUtils]: 94: Hoare triple {21522#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {21521#true} is VALID [2022-02-20 17:59:45,767 INFO L290 TraceCheckUtils]: 95: Hoare triple {21521#true} ~handle := #in~handle;havoc ~retValue_acc~25; {21521#true} is VALID [2022-02-20 17:59:45,767 INFO L290 TraceCheckUtils]: 96: Hoare triple {21521#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {21521#true} is VALID [2022-02-20 17:59:45,767 INFO L290 TraceCheckUtils]: 97: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,767 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21521#true} {21522#false} #869#return; {21522#false} is VALID [2022-02-20 17:59:45,767 INFO L290 TraceCheckUtils]: 99: Hoare triple {21522#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {21522#false} is VALID [2022-02-20 17:59:45,767 INFO L290 TraceCheckUtils]: 100: Hoare triple {21522#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {21522#false} is VALID [2022-02-20 17:59:45,767 INFO L272 TraceCheckUtils]: 101: Hoare triple {21522#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {21521#true} is VALID [2022-02-20 17:59:45,767 INFO L290 TraceCheckUtils]: 102: Hoare triple {21521#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:45,767 INFO L290 TraceCheckUtils]: 103: Hoare triple {21521#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:45,767 INFO L290 TraceCheckUtils]: 104: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:45,768 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21521#true} {21522#false} #871#return; {21522#false} is VALID [2022-02-20 17:59:45,768 INFO L290 TraceCheckUtils]: 106: Hoare triple {21522#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {21522#false} is VALID [2022-02-20 17:59:45,768 INFO L290 TraceCheckUtils]: 107: Hoare triple {21522#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {21522#false} is VALID [2022-02-20 17:59:45,768 INFO L290 TraceCheckUtils]: 108: Hoare triple {21522#false} assume !false; {21522#false} is VALID [2022-02-20 17:59:45,768 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 27 trivial. 0 not checked. [2022-02-20 17:59:45,768 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:45,768 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1499681195] [2022-02-20 17:59:45,768 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1499681195] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:45,769 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [78613529] [2022-02-20 17:59:45,769 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:45,769 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:45,769 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:45,770 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:45,771 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 17:59:45,951 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,953 INFO L263 TraceCheckSpWp]: Trace formula consists of 1004 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:59:45,986 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:45,988 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {21521#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {21521#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {21521#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21521#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 3: Hoare triple {21521#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {21521#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 4: Hoare triple {21521#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {21521#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 5: Hoare triple {21521#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21521#true} is VALID [2022-02-20 17:59:46,244 INFO L272 TraceCheckUtils]: 6: Hoare triple {21521#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21521#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 7: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 8: Hoare triple {21521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 9: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,249 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21521#true} {21521#true} #901#return; {21521#true} is VALID [2022-02-20 17:59:46,249 INFO L290 TraceCheckUtils]: 11: Hoare triple {21521#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21521#true} is VALID [2022-02-20 17:59:46,249 INFO L272 TraceCheckUtils]: 12: Hoare triple {21521#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21521#true} is VALID [2022-02-20 17:59:46,250 INFO L290 TraceCheckUtils]: 13: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,250 INFO L290 TraceCheckUtils]: 14: Hoare triple {21521#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,252 INFO L290 TraceCheckUtils]: 15: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,253 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21521#true} {21521#true} #903#return; {21521#true} is VALID [2022-02-20 17:59:46,253 INFO L290 TraceCheckUtils]: 17: Hoare triple {21521#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21521#true} is VALID [2022-02-20 17:59:46,253 INFO L272 TraceCheckUtils]: 18: Hoare triple {21521#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21521#true} is VALID [2022-02-20 17:59:46,253 INFO L290 TraceCheckUtils]: 19: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 20: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 21: Hoare triple {21521#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 22: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21521#true} {21521#true} #905#return; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 24: Hoare triple {21521#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L272 TraceCheckUtils]: 25: Hoare triple {21521#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 26: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 27: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 28: Hoare triple {21521#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 29: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21521#true} {21521#true} #907#return; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 31: Hoare triple {21521#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L272 TraceCheckUtils]: 32: Hoare triple {21521#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21521#true} is VALID [2022-02-20 17:59:46,254 INFO L290 TraceCheckUtils]: 33: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 34: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 35: Hoare triple {21521#true} assume !(2 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 36: Hoare triple {21521#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 37: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21521#true} {21521#true} #909#return; {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 39: Hoare triple {21521#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L272 TraceCheckUtils]: 40: Hoare triple {21521#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 41: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 42: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 43: Hoare triple {21521#true} assume !(2 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 44: Hoare triple {21521#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 45: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {21521#true} {21521#true} #911#return; {21521#true} is VALID [2022-02-20 17:59:46,255 INFO L290 TraceCheckUtils]: 47: Hoare triple {21521#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {21521#true} is VALID [2022-02-20 17:59:46,256 INFO L290 TraceCheckUtils]: 48: Hoare triple {21521#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21733#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:46,256 INFO L290 TraceCheckUtils]: 49: Hoare triple {21733#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {21733#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:46,256 INFO L290 TraceCheckUtils]: 50: Hoare triple {21733#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {21733#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:46,257 INFO L290 TraceCheckUtils]: 51: Hoare triple {21733#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:46,257 INFO L290 TraceCheckUtils]: 52: Hoare triple {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:46,257 INFO L290 TraceCheckUtils]: 53: Hoare triple {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:46,257 INFO L290 TraceCheckUtils]: 54: Hoare triple {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:46,258 INFO L290 TraceCheckUtils]: 55: Hoare triple {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:46,258 INFO L290 TraceCheckUtils]: 56: Hoare triple {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:46,258 INFO L290 TraceCheckUtils]: 57: Hoare triple {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:46,259 INFO L290 TraceCheckUtils]: 58: Hoare triple {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:46,259 INFO L290 TraceCheckUtils]: 59: Hoare triple {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:46,259 INFO L290 TraceCheckUtils]: 60: Hoare triple {21743#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {21522#false} is VALID [2022-02-20 17:59:46,259 INFO L290 TraceCheckUtils]: 61: Hoare triple {21522#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {21522#false} is VALID [2022-02-20 17:59:46,259 INFO L272 TraceCheckUtils]: 62: Hoare triple {21522#false} call sendEmail(~bob~0, ~rjh~0); {21522#false} is VALID [2022-02-20 17:59:46,259 INFO L290 TraceCheckUtils]: 63: Hoare triple {21522#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21522#false} is VALID [2022-02-20 17:59:46,259 INFO L272 TraceCheckUtils]: 64: Hoare triple {21522#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21522#false} is VALID [2022-02-20 17:59:46,259 INFO L290 TraceCheckUtils]: 65: Hoare triple {21522#false} ~handle := #in~handle;~value := #in~value; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 66: Hoare triple {21522#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 67: Hoare triple {21522#false} assume true; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {21522#false} {21522#false} #895#return; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L272 TraceCheckUtils]: 69: Hoare triple {21522#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 70: Hoare triple {21522#false} ~handle := #in~handle;~value := #in~value; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 71: Hoare triple {21522#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 72: Hoare triple {21522#false} assume true; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {21522#false} {21522#false} #897#return; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 74: Hoare triple {21522#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 75: Hoare triple {21522#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L272 TraceCheckUtils]: 76: Hoare triple {21522#false} call outgoing(~sender#1, ~email~0#1); {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 77: Hoare triple {21522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L272 TraceCheckUtils]: 78: Hoare triple {21522#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 79: Hoare triple {21522#false} ~handle := #in~handle;havoc ~retValue_acc~9; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 80: Hoare triple {21522#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 81: Hoare triple {21522#false} assume true; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {21522#false} {21522#false} #865#return; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 83: Hoare triple {21522#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 84: Hoare triple {21522#false} assume 0 == sign_~privkey~0#1; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 85: Hoare triple {21522#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {21522#false} is VALID [2022-02-20 17:59:46,260 INFO L290 TraceCheckUtils]: 86: Hoare triple {21522#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 87: Hoare triple {21522#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L272 TraceCheckUtils]: 88: Hoare triple {21522#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 89: Hoare triple {21522#false} ~handle := #in~handle;~value := #in~value; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 90: Hoare triple {21522#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 91: Hoare triple {21522#false} assume true; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {21522#false} {21522#false} #867#return; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 93: Hoare triple {21522#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L272 TraceCheckUtils]: 94: Hoare triple {21522#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 95: Hoare triple {21522#false} ~handle := #in~handle;havoc ~retValue_acc~25; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 96: Hoare triple {21522#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 97: Hoare triple {21522#false} assume true; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21522#false} {21522#false} #869#return; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 99: Hoare triple {21522#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 100: Hoare triple {21522#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L272 TraceCheckUtils]: 101: Hoare triple {21522#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 102: Hoare triple {21522#false} ~handle := #in~handle;havoc ~retValue_acc~9; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 103: Hoare triple {21522#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 104: Hoare triple {21522#false} assume true; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21522#false} {21522#false} #871#return; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 106: Hoare triple {21522#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {21522#false} is VALID [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 107: Hoare triple {21522#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {21522#false} is VALID [2022-02-20 17:59:46,262 INFO L290 TraceCheckUtils]: 108: Hoare triple {21522#false} assume !false; {21522#false} is VALID [2022-02-20 17:59:46,262 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 17:59:46,262 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 17:59:46,566 INFO L290 TraceCheckUtils]: 108: Hoare triple {21522#false} assume !false; {21522#false} is VALID [2022-02-20 17:59:46,566 INFO L290 TraceCheckUtils]: 107: Hoare triple {21522#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {21522#false} is VALID [2022-02-20 17:59:46,566 INFO L290 TraceCheckUtils]: 106: Hoare triple {21522#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {21522#false} is VALID [2022-02-20 17:59:46,566 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21521#true} {21522#false} #871#return; {21522#false} is VALID [2022-02-20 17:59:46,566 INFO L290 TraceCheckUtils]: 104: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,566 INFO L290 TraceCheckUtils]: 103: Hoare triple {21521#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:46,566 INFO L290 TraceCheckUtils]: 102: Hoare triple {21521#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:46,566 INFO L272 TraceCheckUtils]: 101: Hoare triple {21522#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {21521#true} is VALID [2022-02-20 17:59:46,566 INFO L290 TraceCheckUtils]: 100: Hoare triple {21522#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 99: Hoare triple {21522#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21521#true} {21522#false} #869#return; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 97: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 96: Hoare triple {21521#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 95: Hoare triple {21521#true} ~handle := #in~handle;havoc ~retValue_acc~25; {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L272 TraceCheckUtils]: 94: Hoare triple {21522#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 93: Hoare triple {21522#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {21521#true} {21522#false} #867#return; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 91: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 90: Hoare triple {21521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 89: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L272 TraceCheckUtils]: 88: Hoare triple {21522#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 87: Hoare triple {21522#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 86: Hoare triple {21522#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 85: Hoare triple {21522#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 84: Hoare triple {21522#false} assume 0 == sign_~privkey~0#1; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 83: Hoare triple {21522#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {21521#true} {21522#false} #865#return; {21522#false} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 81: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 80: Hoare triple {21521#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L290 TraceCheckUtils]: 79: Hoare triple {21521#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21521#true} is VALID [2022-02-20 17:59:46,567 INFO L272 TraceCheckUtils]: 78: Hoare triple {21522#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {21521#true} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 77: Hoare triple {21522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {21522#false} is VALID [2022-02-20 17:59:46,568 INFO L272 TraceCheckUtils]: 76: Hoare triple {21522#false} call outgoing(~sender#1, ~email~0#1); {21522#false} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 75: Hoare triple {21522#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {21522#false} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 74: Hoare triple {21522#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {21522#false} is VALID [2022-02-20 17:59:46,568 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {21521#true} {21522#false} #897#return; {21522#false} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 72: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 71: Hoare triple {21521#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 70: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,568 INFO L272 TraceCheckUtils]: 69: Hoare triple {21522#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21521#true} is VALID [2022-02-20 17:59:46,568 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {21521#true} {21522#false} #895#return; {21522#false} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 67: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 66: Hoare triple {21521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 65: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,568 INFO L272 TraceCheckUtils]: 64: Hoare triple {21522#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21521#true} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 63: Hoare triple {21522#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21522#false} is VALID [2022-02-20 17:59:46,568 INFO L272 TraceCheckUtils]: 62: Hoare triple {21522#false} call sendEmail(~bob~0, ~rjh~0); {21522#false} is VALID [2022-02-20 17:59:46,568 INFO L290 TraceCheckUtils]: 61: Hoare triple {21522#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {21522#false} is VALID [2022-02-20 17:59:46,569 INFO L290 TraceCheckUtils]: 60: Hoare triple {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {21522#false} is VALID [2022-02-20 17:59:46,569 INFO L290 TraceCheckUtils]: 59: Hoare triple {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:46,569 INFO L290 TraceCheckUtils]: 58: Hoare triple {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:46,569 INFO L290 TraceCheckUtils]: 57: Hoare triple {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:46,570 INFO L290 TraceCheckUtils]: 56: Hoare triple {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:46,570 INFO L290 TraceCheckUtils]: 55: Hoare triple {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:46,570 INFO L290 TraceCheckUtils]: 54: Hoare triple {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:46,570 INFO L290 TraceCheckUtils]: 53: Hoare triple {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:46,571 INFO L290 TraceCheckUtils]: 52: Hoare triple {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:46,571 INFO L290 TraceCheckUtils]: 51: Hoare triple {22087#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22059#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:46,571 INFO L290 TraceCheckUtils]: 50: Hoare triple {22087#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {22087#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:59:46,572 INFO L290 TraceCheckUtils]: 49: Hoare triple {22087#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {22087#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:59:46,572 INFO L290 TraceCheckUtils]: 48: Hoare triple {21521#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22087#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:59:46,572 INFO L290 TraceCheckUtils]: 47: Hoare triple {21521#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {21521#true} is VALID [2022-02-20 17:59:46,572 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {21521#true} {21521#true} #911#return; {21521#true} is VALID [2022-02-20 17:59:46,572 INFO L290 TraceCheckUtils]: 45: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,572 INFO L290 TraceCheckUtils]: 44: Hoare triple {21521#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,572 INFO L290 TraceCheckUtils]: 43: Hoare triple {21521#true} assume !(2 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,572 INFO L290 TraceCheckUtils]: 42: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,572 INFO L290 TraceCheckUtils]: 41: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,572 INFO L272 TraceCheckUtils]: 40: Hoare triple {21521#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 39: Hoare triple {21521#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21521#true} {21521#true} #909#return; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 37: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 36: Hoare triple {21521#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 35: Hoare triple {21521#true} assume !(2 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 34: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 33: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L272 TraceCheckUtils]: 32: Hoare triple {21521#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 31: Hoare triple {21521#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21521#true} {21521#true} #907#return; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 29: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 28: Hoare triple {21521#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 27: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 26: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L272 TraceCheckUtils]: 25: Hoare triple {21521#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 24: Hoare triple {21521#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21521#true} {21521#true} #905#return; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 22: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 21: Hoare triple {21521#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 20: Hoare triple {21521#true} assume !(1 == ~handle); {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L290 TraceCheckUtils]: 19: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,573 INFO L272 TraceCheckUtils]: 18: Hoare triple {21521#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 17: Hoare triple {21521#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21521#true} {21521#true} #903#return; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 15: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 14: Hoare triple {21521#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 13: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L272 TraceCheckUtils]: 12: Hoare triple {21521#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 11: Hoare triple {21521#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21521#true} {21521#true} #901#return; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 9: Hoare triple {21521#true} assume true; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 8: Hoare triple {21521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 7: Hoare triple {21521#true} ~handle := #in~handle;~value := #in~value; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L272 TraceCheckUtils]: 6: Hoare triple {21521#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 5: Hoare triple {21521#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 4: Hoare triple {21521#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 3: Hoare triple {21521#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 2: Hoare triple {21521#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {21521#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {21521#true} is VALID [2022-02-20 17:59:46,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {21521#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {21521#true} is VALID [2022-02-20 17:59:46,575 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 17:59:46,575 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [78613529] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 17:59:46,575 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 17:59:46,575 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15 [2022-02-20 17:59:46,575 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [319950425] [2022-02-20 17:59:46,575 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 17:59:46,576 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22) Word has length 109 [2022-02-20 17:59:46,597 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:46,597 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22) [2022-02-20 17:59:46,706 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 169 edges. 169 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:46,706 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 17:59:46,706 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:46,706 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-02-20 17:59:46,706 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=177, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:59:46,707 INFO L87 Difference]: Start difference. First operand 343 states and 528 transitions. Second operand has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22) [2022-02-20 18:00:02,424 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:02,424 INFO L93 Difference]: Finished difference Result 1440 states and 2404 transitions. [2022-02-20 18:00:02,425 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-02-20 18:00:02,425 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22) Word has length 109 [2022-02-20 18:00:02,425 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:02,425 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22) [2022-02-20 18:00:02,440 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20 states to 20 states and 1854 transitions. [2022-02-20 18:00:02,440 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22) [2022-02-20 18:00:02,455 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20 states to 20 states and 1854 transitions. [2022-02-20 18:00:02,455 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 20 states and 1854 transitions. [2022-02-20 18:00:03,426 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1854 edges. 1854 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:03,492 INFO L225 Difference]: With dead ends: 1440 [2022-02-20 18:00:03,493 INFO L226 Difference]: Without dead ends: 1128 [2022-02-20 18:00:03,495 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 269 GetRequests, 239 SyntacticMatches, 0 SemanticMatches, 30 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 140 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=181, Invalid=811, Unknown=0, NotChecked=0, Total=992 [2022-02-20 18:00:03,496 INFO L933 BasicCegarLoop]: 660 mSDtfsCounter, 2692 mSDsluCounter, 2845 mSDsCounter, 0 mSdLazyCounter, 4619 mSolverCounterSat, 948 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 6.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2694 SdHoareTripleChecker+Valid, 3505 SdHoareTripleChecker+Invalid, 5567 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 948 IncrementalHoareTripleChecker+Valid, 4619 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 6.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:03,519 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2694 Valid, 3505 Invalid, 5567 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [948 Valid, 4619 Invalid, 0 Unknown, 0 Unchecked, 6.6s Time] [2022-02-20 18:00:03,521 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1128 states. [2022-02-20 18:00:03,740 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1128 to 671. [2022-02-20 18:00:03,740 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:03,741 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1128 states. Second operand has 671 states, 534 states have (on average 1.5842696629213484) internal successors, (846), 539 states have internal predecessors, (846), 115 states have call successors, (115), 17 states have call predecessors, (115), 21 states have return successors, (136), 114 states have call predecessors, (136), 114 states have call successors, (136) [2022-02-20 18:00:03,741 INFO L74 IsIncluded]: Start isIncluded. First operand 1128 states. Second operand has 671 states, 534 states have (on average 1.5842696629213484) internal successors, (846), 539 states have internal predecessors, (846), 115 states have call successors, (115), 17 states have call predecessors, (115), 21 states have return successors, (136), 114 states have call predecessors, (136), 114 states have call successors, (136) [2022-02-20 18:00:03,742 INFO L87 Difference]: Start difference. First operand 1128 states. Second operand has 671 states, 534 states have (on average 1.5842696629213484) internal successors, (846), 539 states have internal predecessors, (846), 115 states have call successors, (115), 17 states have call predecessors, (115), 21 states have return successors, (136), 114 states have call predecessors, (136), 114 states have call successors, (136) [2022-02-20 18:00:03,823 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:03,823 INFO L93 Difference]: Finished difference Result 1128 states and 1901 transitions. [2022-02-20 18:00:03,823 INFO L276 IsEmpty]: Start isEmpty. Operand 1128 states and 1901 transitions. [2022-02-20 18:00:03,828 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:03,843 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:03,844 INFO L74 IsIncluded]: Start isIncluded. First operand has 671 states, 534 states have (on average 1.5842696629213484) internal successors, (846), 539 states have internal predecessors, (846), 115 states have call successors, (115), 17 states have call predecessors, (115), 21 states have return successors, (136), 114 states have call predecessors, (136), 114 states have call successors, (136) Second operand 1128 states. [2022-02-20 18:00:03,845 INFO L87 Difference]: Start difference. First operand has 671 states, 534 states have (on average 1.5842696629213484) internal successors, (846), 539 states have internal predecessors, (846), 115 states have call successors, (115), 17 states have call predecessors, (115), 21 states have return successors, (136), 114 states have call predecessors, (136), 114 states have call successors, (136) Second operand 1128 states. [2022-02-20 18:00:03,918 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:03,930 INFO L93 Difference]: Finished difference Result 1128 states and 1901 transitions. [2022-02-20 18:00:03,930 INFO L276 IsEmpty]: Start isEmpty. Operand 1128 states and 1901 transitions. [2022-02-20 18:00:03,935 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:03,935 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:03,935 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:03,935 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:03,936 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 671 states, 534 states have (on average 1.5842696629213484) internal successors, (846), 539 states have internal predecessors, (846), 115 states have call successors, (115), 17 states have call predecessors, (115), 21 states have return successors, (136), 114 states have call predecessors, (136), 114 states have call successors, (136) [2022-02-20 18:00:03,958 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 671 states to 671 states and 1097 transitions. [2022-02-20 18:00:03,958 INFO L78 Accepts]: Start accepts. Automaton has 671 states and 1097 transitions. Word has length 109 [2022-02-20 18:00:03,958 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:03,958 INFO L470 AbstractCegarLoop]: Abstraction has 671 states and 1097 transitions. [2022-02-20 18:00:03,959 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22) [2022-02-20 18:00:03,959 INFO L276 IsEmpty]: Start isEmpty. Operand 671 states and 1097 transitions. [2022-02-20 18:00:03,961 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 113 [2022-02-20 18:00:03,961 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:03,961 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:03,978 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Ended with exit code 0 [2022-02-20 18:00:04,174 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:04,174 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:04,174 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:04,174 INFO L85 PathProgramCache]: Analyzing trace with hash -1028197055, now seen corresponding path program 1 times [2022-02-20 18:00:04,174 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:04,174 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [880693293] [2022-02-20 18:00:04,174 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:04,174 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:04,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:04,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {27673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,255 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,255 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,255 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27616#true} {27616#true} #901#return; {27616#true} is VALID [2022-02-20 18:00:04,258 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:04,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,261 INFO L290 TraceCheckUtils]: 0: Hoare triple {27674#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,261 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,261 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,261 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27616#true} {27616#true} #903#return; {27616#true} is VALID [2022-02-20 18:00:04,261 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:04,262 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,263 INFO L290 TraceCheckUtils]: 0: Hoare triple {27673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,263 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume !(1 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,263 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,263 INFO L290 TraceCheckUtils]: 3: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,263 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27616#true} {27616#true} #905#return; {27616#true} is VALID [2022-02-20 18:00:04,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:04,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,266 INFO L290 TraceCheckUtils]: 0: Hoare triple {27674#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,266 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume !(1 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,266 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,267 INFO L290 TraceCheckUtils]: 3: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,267 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27616#true} {27616#true} #907#return; {27616#true} is VALID [2022-02-20 18:00:04,267 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:04,268 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,269 INFO L290 TraceCheckUtils]: 0: Hoare triple {27673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume !(1 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,269 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume !(2 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,269 INFO L290 TraceCheckUtils]: 3: Hoare triple {27616#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,270 INFO L290 TraceCheckUtils]: 4: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,270 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27616#true} {27616#true} #909#return; {27616#true} is VALID [2022-02-20 18:00:04,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:04,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,273 INFO L290 TraceCheckUtils]: 0: Hoare triple {27674#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,273 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume !(1 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume !(2 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,274 INFO L290 TraceCheckUtils]: 3: Hoare triple {27616#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,274 INFO L290 TraceCheckUtils]: 4: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,274 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27616#true} {27616#true} #911#return; {27616#true} is VALID [2022-02-20 18:00:04,277 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:00:04,278 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,279 INFO L290 TraceCheckUtils]: 0: Hoare triple {27675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,279 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,279 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27616#true} {27617#false} #895#return; {27617#false} is VALID [2022-02-20 18:00:04,283 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:00:04,284 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {27676#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,286 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,286 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27616#true} {27617#false} #897#return; {27617#false} is VALID [2022-02-20 18:00:04,299 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:00:04,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {27616#true} ~handle := #in~handle;havoc ~retValue_acc~9; {27616#true} is VALID [2022-02-20 18:00:04,301 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {27616#true} is VALID [2022-02-20 18:00:04,301 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,301 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27616#true} {27617#false} #865#return; {27617#false} is VALID [2022-02-20 18:00:04,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:00:04,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,303 INFO L290 TraceCheckUtils]: 0: Hoare triple {27675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,303 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,303 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,303 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27616#true} {27617#false} #867#return; {27617#false} is VALID [2022-02-20 18:00:04,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:00:04,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {27616#true} ~handle := #in~handle;havoc ~retValue_acc~25; {27616#true} is VALID [2022-02-20 18:00:04,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {27616#true} is VALID [2022-02-20 18:00:04,306 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,306 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27616#true} {27617#false} #869#return; {27617#false} is VALID [2022-02-20 18:00:04,306 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:00:04,307 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:04,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {27616#true} ~handle := #in~handle;havoc ~retValue_acc~9; {27616#true} is VALID [2022-02-20 18:00:04,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {27616#true} is VALID [2022-02-20 18:00:04,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,308 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27616#true} {27617#false} #871#return; {27617#false} is VALID [2022-02-20 18:00:04,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {27616#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {27616#true} is VALID [2022-02-20 18:00:04,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {27616#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {27616#true} is VALID [2022-02-20 18:00:04,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {27616#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27616#true} is VALID [2022-02-20 18:00:04,309 INFO L290 TraceCheckUtils]: 3: Hoare triple {27616#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {27616#true} is VALID [2022-02-20 18:00:04,309 INFO L290 TraceCheckUtils]: 4: Hoare triple {27616#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {27616#true} is VALID [2022-02-20 18:00:04,309 INFO L290 TraceCheckUtils]: 5: Hoare triple {27616#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {27616#true} is VALID [2022-02-20 18:00:04,309 INFO L272 TraceCheckUtils]: 6: Hoare triple {27616#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {27673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:04,309 INFO L290 TraceCheckUtils]: 7: Hoare triple {27673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,309 INFO L290 TraceCheckUtils]: 8: Hoare triple {27616#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,310 INFO L290 TraceCheckUtils]: 9: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,310 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27616#true} {27616#true} #901#return; {27616#true} is VALID [2022-02-20 18:00:04,310 INFO L290 TraceCheckUtils]: 11: Hoare triple {27616#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27616#true} is VALID [2022-02-20 18:00:04,310 INFO L272 TraceCheckUtils]: 12: Hoare triple {27616#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {27674#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:04,310 INFO L290 TraceCheckUtils]: 13: Hoare triple {27674#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,310 INFO L290 TraceCheckUtils]: 14: Hoare triple {27616#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,311 INFO L290 TraceCheckUtils]: 15: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,311 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27616#true} {27616#true} #903#return; {27616#true} is VALID [2022-02-20 18:00:04,311 INFO L290 TraceCheckUtils]: 17: Hoare triple {27616#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27616#true} is VALID [2022-02-20 18:00:04,311 INFO L272 TraceCheckUtils]: 18: Hoare triple {27616#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {27673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:04,311 INFO L290 TraceCheckUtils]: 19: Hoare triple {27673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,311 INFO L290 TraceCheckUtils]: 20: Hoare triple {27616#true} assume !(1 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,311 INFO L290 TraceCheckUtils]: 21: Hoare triple {27616#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,312 INFO L290 TraceCheckUtils]: 22: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,312 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {27616#true} {27616#true} #905#return; {27616#true} is VALID [2022-02-20 18:00:04,312 INFO L290 TraceCheckUtils]: 24: Hoare triple {27616#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {27616#true} is VALID [2022-02-20 18:00:04,312 INFO L272 TraceCheckUtils]: 25: Hoare triple {27616#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {27674#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:04,312 INFO L290 TraceCheckUtils]: 26: Hoare triple {27674#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,312 INFO L290 TraceCheckUtils]: 27: Hoare triple {27616#true} assume !(1 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,313 INFO L290 TraceCheckUtils]: 28: Hoare triple {27616#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,313 INFO L290 TraceCheckUtils]: 29: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,313 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27616#true} {27616#true} #907#return; {27616#true} is VALID [2022-02-20 18:00:04,313 INFO L290 TraceCheckUtils]: 31: Hoare triple {27616#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27616#true} is VALID [2022-02-20 18:00:04,313 INFO L272 TraceCheckUtils]: 32: Hoare triple {27616#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {27673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:04,313 INFO L290 TraceCheckUtils]: 33: Hoare triple {27673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,313 INFO L290 TraceCheckUtils]: 34: Hoare triple {27616#true} assume !(1 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,314 INFO L290 TraceCheckUtils]: 35: Hoare triple {27616#true} assume !(2 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,314 INFO L290 TraceCheckUtils]: 36: Hoare triple {27616#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,314 INFO L290 TraceCheckUtils]: 37: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,314 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27616#true} {27616#true} #909#return; {27616#true} is VALID [2022-02-20 18:00:04,314 INFO L290 TraceCheckUtils]: 39: Hoare triple {27616#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {27616#true} is VALID [2022-02-20 18:00:04,314 INFO L272 TraceCheckUtils]: 40: Hoare triple {27616#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {27674#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:04,315 INFO L290 TraceCheckUtils]: 41: Hoare triple {27674#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,315 INFO L290 TraceCheckUtils]: 42: Hoare triple {27616#true} assume !(1 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,315 INFO L290 TraceCheckUtils]: 43: Hoare triple {27616#true} assume !(2 == ~handle); {27616#true} is VALID [2022-02-20 18:00:04,315 INFO L290 TraceCheckUtils]: 44: Hoare triple {27616#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,315 INFO L290 TraceCheckUtils]: 45: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,315 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {27616#true} {27616#true} #911#return; {27616#true} is VALID [2022-02-20 18:00:04,315 INFO L290 TraceCheckUtils]: 47: Hoare triple {27616#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {27616#true} is VALID [2022-02-20 18:00:04,315 INFO L290 TraceCheckUtils]: 48: Hoare triple {27616#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:04,316 INFO L290 TraceCheckUtils]: 49: Hoare triple {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !false; {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:04,316 INFO L290 TraceCheckUtils]: 50: Hoare triple {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:04,316 INFO L290 TraceCheckUtils]: 51: Hoare triple {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:04,316 INFO L290 TraceCheckUtils]: 52: Hoare triple {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:04,317 INFO L290 TraceCheckUtils]: 53: Hoare triple {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:04,317 INFO L290 TraceCheckUtils]: 54: Hoare triple {27648#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 == test_~op2~0#1); {27617#false} is VALID [2022-02-20 18:00:04,317 INFO L290 TraceCheckUtils]: 55: Hoare triple {27617#false} assume !(0 == test_~op3~0#1); {27617#false} is VALID [2022-02-20 18:00:04,317 INFO L290 TraceCheckUtils]: 56: Hoare triple {27617#false} assume !(0 == test_~op4~0#1); {27617#false} is VALID [2022-02-20 18:00:04,317 INFO L290 TraceCheckUtils]: 57: Hoare triple {27617#false} assume !(0 == test_~op5~0#1); {27617#false} is VALID [2022-02-20 18:00:04,317 INFO L290 TraceCheckUtils]: 58: Hoare triple {27617#false} assume !(0 == test_~op6~0#1); {27617#false} is VALID [2022-02-20 18:00:04,317 INFO L290 TraceCheckUtils]: 59: Hoare triple {27617#false} assume !(0 == test_~op7~0#1); {27617#false} is VALID [2022-02-20 18:00:04,317 INFO L290 TraceCheckUtils]: 60: Hoare triple {27617#false} assume !(0 == test_~op8~0#1); {27617#false} is VALID [2022-02-20 18:00:04,318 INFO L290 TraceCheckUtils]: 61: Hoare triple {27617#false} assume !(0 == test_~op9~0#1); {27617#false} is VALID [2022-02-20 18:00:04,318 INFO L290 TraceCheckUtils]: 62: Hoare triple {27617#false} assume !(0 == test_~op10~0#1); {27617#false} is VALID [2022-02-20 18:00:04,318 INFO L290 TraceCheckUtils]: 63: Hoare triple {27617#false} assume !(0 == test_~op11~0#1); {27617#false} is VALID [2022-02-20 18:00:04,318 INFO L290 TraceCheckUtils]: 64: Hoare triple {27617#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {27617#false} is VALID [2022-02-20 18:00:04,318 INFO L272 TraceCheckUtils]: 65: Hoare triple {27617#false} call sendEmail(~bob~0, ~rjh~0); {27617#false} is VALID [2022-02-20 18:00:04,318 INFO L290 TraceCheckUtils]: 66: Hoare triple {27617#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27617#false} is VALID [2022-02-20 18:00:04,318 INFO L272 TraceCheckUtils]: 67: Hoare triple {27617#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:04,318 INFO L290 TraceCheckUtils]: 68: Hoare triple {27675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,318 INFO L290 TraceCheckUtils]: 69: Hoare triple {27616#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,318 INFO L290 TraceCheckUtils]: 70: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,319 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {27616#true} {27617#false} #895#return; {27617#false} is VALID [2022-02-20 18:00:04,319 INFO L272 TraceCheckUtils]: 72: Hoare triple {27617#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {27676#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:04,319 INFO L290 TraceCheckUtils]: 73: Hoare triple {27676#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,319 INFO L290 TraceCheckUtils]: 74: Hoare triple {27616#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,319 INFO L290 TraceCheckUtils]: 75: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,319 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {27616#true} {27617#false} #897#return; {27617#false} is VALID [2022-02-20 18:00:04,319 INFO L290 TraceCheckUtils]: 77: Hoare triple {27617#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {27617#false} is VALID [2022-02-20 18:00:04,319 INFO L290 TraceCheckUtils]: 78: Hoare triple {27617#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {27617#false} is VALID [2022-02-20 18:00:04,319 INFO L272 TraceCheckUtils]: 79: Hoare triple {27617#false} call outgoing(~sender#1, ~email~0#1); {27617#false} is VALID [2022-02-20 18:00:04,319 INFO L290 TraceCheckUtils]: 80: Hoare triple {27617#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {27617#false} is VALID [2022-02-20 18:00:04,320 INFO L272 TraceCheckUtils]: 81: Hoare triple {27617#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {27616#true} is VALID [2022-02-20 18:00:04,320 INFO L290 TraceCheckUtils]: 82: Hoare triple {27616#true} ~handle := #in~handle;havoc ~retValue_acc~9; {27616#true} is VALID [2022-02-20 18:00:04,320 INFO L290 TraceCheckUtils]: 83: Hoare triple {27616#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {27616#true} is VALID [2022-02-20 18:00:04,320 INFO L290 TraceCheckUtils]: 84: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,320 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {27616#true} {27617#false} #865#return; {27617#false} is VALID [2022-02-20 18:00:04,320 INFO L290 TraceCheckUtils]: 86: Hoare triple {27617#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {27617#false} is VALID [2022-02-20 18:00:04,320 INFO L290 TraceCheckUtils]: 87: Hoare triple {27617#false} assume 0 == sign_~privkey~0#1; {27617#false} is VALID [2022-02-20 18:00:04,320 INFO L290 TraceCheckUtils]: 88: Hoare triple {27617#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {27617#false} is VALID [2022-02-20 18:00:04,320 INFO L290 TraceCheckUtils]: 89: Hoare triple {27617#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {27617#false} is VALID [2022-02-20 18:00:04,320 INFO L290 TraceCheckUtils]: 90: Hoare triple {27617#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {27617#false} is VALID [2022-02-20 18:00:04,321 INFO L272 TraceCheckUtils]: 91: Hoare triple {27617#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {27675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:04,321 INFO L290 TraceCheckUtils]: 92: Hoare triple {27675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27616#true} is VALID [2022-02-20 18:00:04,321 INFO L290 TraceCheckUtils]: 93: Hoare triple {27616#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27616#true} is VALID [2022-02-20 18:00:04,321 INFO L290 TraceCheckUtils]: 94: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,321 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {27616#true} {27617#false} #867#return; {27617#false} is VALID [2022-02-20 18:00:04,321 INFO L290 TraceCheckUtils]: 96: Hoare triple {27617#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {27617#false} is VALID [2022-02-20 18:00:04,321 INFO L272 TraceCheckUtils]: 97: Hoare triple {27617#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {27616#true} is VALID [2022-02-20 18:00:04,321 INFO L290 TraceCheckUtils]: 98: Hoare triple {27616#true} ~handle := #in~handle;havoc ~retValue_acc~25; {27616#true} is VALID [2022-02-20 18:00:04,321 INFO L290 TraceCheckUtils]: 99: Hoare triple {27616#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {27616#true} is VALID [2022-02-20 18:00:04,322 INFO L290 TraceCheckUtils]: 100: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,322 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {27616#true} {27617#false} #869#return; {27617#false} is VALID [2022-02-20 18:00:04,322 INFO L290 TraceCheckUtils]: 102: Hoare triple {27617#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {27617#false} is VALID [2022-02-20 18:00:04,322 INFO L290 TraceCheckUtils]: 103: Hoare triple {27617#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {27617#false} is VALID [2022-02-20 18:00:04,322 INFO L272 TraceCheckUtils]: 104: Hoare triple {27617#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {27616#true} is VALID [2022-02-20 18:00:04,322 INFO L290 TraceCheckUtils]: 105: Hoare triple {27616#true} ~handle := #in~handle;havoc ~retValue_acc~9; {27616#true} is VALID [2022-02-20 18:00:04,322 INFO L290 TraceCheckUtils]: 106: Hoare triple {27616#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {27616#true} is VALID [2022-02-20 18:00:04,322 INFO L290 TraceCheckUtils]: 107: Hoare triple {27616#true} assume true; {27616#true} is VALID [2022-02-20 18:00:04,322 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {27616#true} {27617#false} #871#return; {27617#false} is VALID [2022-02-20 18:00:04,322 INFO L290 TraceCheckUtils]: 109: Hoare triple {27617#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {27617#false} is VALID [2022-02-20 18:00:04,323 INFO L290 TraceCheckUtils]: 110: Hoare triple {27617#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {27617#false} is VALID [2022-02-20 18:00:04,323 INFO L290 TraceCheckUtils]: 111: Hoare triple {27617#false} assume !false; {27617#false} is VALID [2022-02-20 18:00:04,335 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:00:04,335 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:04,335 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [880693293] [2022-02-20 18:00:04,336 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [880693293] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:04,336 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:04,336 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:00:04,336 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1406524770] [2022-02-20 18:00:04,336 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:04,336 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.0) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 112 [2022-02-20 18:00:04,337 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:04,337 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 10.0) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:04,375 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:04,375 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:00:04,375 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:04,375 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:00:04,375 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:00:04,375 INFO L87 Difference]: Start difference. First operand 671 states and 1097 transitions. Second operand has 7 states, 7 states have (on average 10.0) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:07,575 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:07,575 INFO L93 Difference]: Finished difference Result 1676 states and 2807 transitions. [2022-02-20 18:00:07,575 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:00:07,575 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.0) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 112 [2022-02-20 18:00:07,576 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:07,576 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.0) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:07,583 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1115 transitions. [2022-02-20 18:00:07,583 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.0) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:07,590 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1115 transitions. [2022-02-20 18:00:07,590 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1115 transitions. [2022-02-20 18:00:08,255 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1115 edges. 1115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:08,364 INFO L225 Difference]: With dead ends: 1676 [2022-02-20 18:00:08,374 INFO L226 Difference]: Without dead ends: 1083 [2022-02-20 18:00:08,376 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 37 GetRequests, 26 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=48, Invalid=108, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:00:08,391 INFO L933 BasicCegarLoop]: 541 mSDtfsCounter, 997 mSDsluCounter, 644 mSDsCounter, 0 mSdLazyCounter, 846 mSolverCounterSat, 336 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1012 SdHoareTripleChecker+Valid, 1185 SdHoareTripleChecker+Invalid, 1182 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 336 IncrementalHoareTripleChecker+Valid, 846 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:08,392 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1012 Valid, 1185 Invalid, 1182 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [336 Valid, 846 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-02-20 18:00:08,394 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1083 states. [2022-02-20 18:00:08,729 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1083 to 971. [2022-02-20 18:00:08,730 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:08,734 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1083 states. Second operand has 971 states, 770 states have (on average 1.5987012987012987) internal successors, (1231), 775 states have internal predecessors, (1231), 179 states have call successors, (179), 17 states have call predecessors, (179), 21 states have return successors, (210), 178 states have call predecessors, (210), 178 states have call successors, (210) [2022-02-20 18:00:08,736 INFO L74 IsIncluded]: Start isIncluded. First operand 1083 states. Second operand has 971 states, 770 states have (on average 1.5987012987012987) internal successors, (1231), 775 states have internal predecessors, (1231), 179 states have call successors, (179), 17 states have call predecessors, (179), 21 states have return successors, (210), 178 states have call predecessors, (210), 178 states have call successors, (210) [2022-02-20 18:00:08,737 INFO L87 Difference]: Start difference. First operand 1083 states. Second operand has 971 states, 770 states have (on average 1.5987012987012987) internal successors, (1231), 775 states have internal predecessors, (1231), 179 states have call successors, (179), 17 states have call predecessors, (179), 21 states have return successors, (210), 178 states have call predecessors, (210), 178 states have call successors, (210) [2022-02-20 18:00:08,827 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:08,843 INFO L93 Difference]: Finished difference Result 1083 states and 1824 transitions. [2022-02-20 18:00:08,843 INFO L276 IsEmpty]: Start isEmpty. Operand 1083 states and 1824 transitions. [2022-02-20 18:00:08,847 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:08,847 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:08,849 INFO L74 IsIncluded]: Start isIncluded. First operand has 971 states, 770 states have (on average 1.5987012987012987) internal successors, (1231), 775 states have internal predecessors, (1231), 179 states have call successors, (179), 17 states have call predecessors, (179), 21 states have return successors, (210), 178 states have call predecessors, (210), 178 states have call successors, (210) Second operand 1083 states. [2022-02-20 18:00:08,850 INFO L87 Difference]: Start difference. First operand has 971 states, 770 states have (on average 1.5987012987012987) internal successors, (1231), 775 states have internal predecessors, (1231), 179 states have call successors, (179), 17 states have call predecessors, (179), 21 states have return successors, (210), 178 states have call predecessors, (210), 178 states have call successors, (210) Second operand 1083 states. [2022-02-20 18:00:08,931 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:08,931 INFO L93 Difference]: Finished difference Result 1083 states and 1824 transitions. [2022-02-20 18:00:08,931 INFO L276 IsEmpty]: Start isEmpty. Operand 1083 states and 1824 transitions. [2022-02-20 18:00:08,935 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:08,935 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:08,935 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:08,935 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:08,937 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 971 states, 770 states have (on average 1.5987012987012987) internal successors, (1231), 775 states have internal predecessors, (1231), 179 states have call successors, (179), 17 states have call predecessors, (179), 21 states have return successors, (210), 178 states have call predecessors, (210), 178 states have call successors, (210) [2022-02-20 18:00:09,028 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 971 states to 971 states and 1620 transitions. [2022-02-20 18:00:09,029 INFO L78 Accepts]: Start accepts. Automaton has 971 states and 1620 transitions. Word has length 112 [2022-02-20 18:00:09,029 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:09,029 INFO L470 AbstractCegarLoop]: Abstraction has 971 states and 1620 transitions. [2022-02-20 18:00:09,029 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.0) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:09,029 INFO L276 IsEmpty]: Start isEmpty. Operand 971 states and 1620 transitions. [2022-02-20 18:00:09,032 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 114 [2022-02-20 18:00:09,032 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:09,032 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:09,032 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-20 18:00:09,032 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:09,033 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:09,033 INFO L85 PathProgramCache]: Analyzing trace with hash 342356814, now seen corresponding path program 1 times [2022-02-20 18:00:09,033 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:09,033 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1516688103] [2022-02-20 18:00:09,033 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:09,033 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:09,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:09,073 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,075 INFO L290 TraceCheckUtils]: 0: Hoare triple {33810#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,075 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,075 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,075 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33753#true} {33753#true} #901#return; {33753#true} is VALID [2022-02-20 18:00:09,079 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:09,080 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,082 INFO L290 TraceCheckUtils]: 0: Hoare triple {33811#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,082 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,082 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,082 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33753#true} {33753#true} #903#return; {33753#true} is VALID [2022-02-20 18:00:09,082 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:09,083 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {33810#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,084 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume !(1 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,084 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,084 INFO L290 TraceCheckUtils]: 3: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,085 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {33753#true} {33753#true} #905#return; {33753#true} is VALID [2022-02-20 18:00:09,085 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:09,086 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,087 INFO L290 TraceCheckUtils]: 0: Hoare triple {33811#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,087 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume !(1 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,087 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,088 INFO L290 TraceCheckUtils]: 3: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,088 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {33753#true} {33753#true} #907#return; {33753#true} is VALID [2022-02-20 18:00:09,088 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:09,089 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,090 INFO L290 TraceCheckUtils]: 0: Hoare triple {33810#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume !(1 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,090 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume !(2 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,090 INFO L290 TraceCheckUtils]: 3: Hoare triple {33753#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,090 INFO L290 TraceCheckUtils]: 4: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,090 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {33753#true} {33753#true} #909#return; {33753#true} is VALID [2022-02-20 18:00:09,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:09,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,093 INFO L290 TraceCheckUtils]: 0: Hoare triple {33811#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume !(1 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume !(2 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,093 INFO L290 TraceCheckUtils]: 3: Hoare triple {33753#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,093 INFO L290 TraceCheckUtils]: 4: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,093 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {33753#true} {33753#true} #911#return; {33753#true} is VALID [2022-02-20 18:00:09,098 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:00:09,098 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,099 INFO L290 TraceCheckUtils]: 0: Hoare triple {33812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,100 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,100 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,100 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33753#true} {33754#false} #895#return; {33754#false} is VALID [2022-02-20 18:00:09,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:00:09,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {33813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,106 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,106 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,106 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33753#true} {33754#false} #897#return; {33754#false} is VALID [2022-02-20 18:00:09,107 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:00:09,107 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,108 INFO L290 TraceCheckUtils]: 0: Hoare triple {33753#true} ~handle := #in~handle;havoc ~retValue_acc~9; {33753#true} is VALID [2022-02-20 18:00:09,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {33753#true} is VALID [2022-02-20 18:00:09,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,108 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33753#true} {33754#false} #865#return; {33754#false} is VALID [2022-02-20 18:00:09,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:00:09,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {33812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,110 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,110 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,110 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33753#true} {33754#false} #867#return; {33754#false} is VALID [2022-02-20 18:00:09,111 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:00:09,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,112 INFO L290 TraceCheckUtils]: 0: Hoare triple {33753#true} ~handle := #in~handle;havoc ~retValue_acc~25; {33753#true} is VALID [2022-02-20 18:00:09,112 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {33753#true} is VALID [2022-02-20 18:00:09,112 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,112 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33753#true} {33754#false} #869#return; {33754#false} is VALID [2022-02-20 18:00:09,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:00:09,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:09,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {33753#true} ~handle := #in~handle;havoc ~retValue_acc~9; {33753#true} is VALID [2022-02-20 18:00:09,114 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {33753#true} is VALID [2022-02-20 18:00:09,114 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,114 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33753#true} {33754#false} #871#return; {33754#false} is VALID [2022-02-20 18:00:09,115 INFO L290 TraceCheckUtils]: 0: Hoare triple {33753#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {33753#true} is VALID [2022-02-20 18:00:09,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {33753#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {33753#true} is VALID [2022-02-20 18:00:09,115 INFO L290 TraceCheckUtils]: 2: Hoare triple {33753#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {33753#true} is VALID [2022-02-20 18:00:09,115 INFO L290 TraceCheckUtils]: 3: Hoare triple {33753#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {33753#true} is VALID [2022-02-20 18:00:09,115 INFO L290 TraceCheckUtils]: 4: Hoare triple {33753#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {33753#true} is VALID [2022-02-20 18:00:09,115 INFO L290 TraceCheckUtils]: 5: Hoare triple {33753#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {33753#true} is VALID [2022-02-20 18:00:09,116 INFO L272 TraceCheckUtils]: 6: Hoare triple {33753#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {33810#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:09,116 INFO L290 TraceCheckUtils]: 7: Hoare triple {33810#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,116 INFO L290 TraceCheckUtils]: 8: Hoare triple {33753#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,116 INFO L290 TraceCheckUtils]: 9: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,116 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {33753#true} {33753#true} #901#return; {33753#true} is VALID [2022-02-20 18:00:09,116 INFO L290 TraceCheckUtils]: 11: Hoare triple {33753#true} assume { :end_inline_setup_bob__wrappee__Base } true; {33753#true} is VALID [2022-02-20 18:00:09,117 INFO L272 TraceCheckUtils]: 12: Hoare triple {33753#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {33811#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:09,117 INFO L290 TraceCheckUtils]: 13: Hoare triple {33811#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,117 INFO L290 TraceCheckUtils]: 14: Hoare triple {33753#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,117 INFO L290 TraceCheckUtils]: 15: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,117 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {33753#true} {33753#true} #903#return; {33753#true} is VALID [2022-02-20 18:00:09,117 INFO L290 TraceCheckUtils]: 17: Hoare triple {33753#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {33753#true} is VALID [2022-02-20 18:00:09,118 INFO L272 TraceCheckUtils]: 18: Hoare triple {33753#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {33810#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:09,118 INFO L290 TraceCheckUtils]: 19: Hoare triple {33810#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,118 INFO L290 TraceCheckUtils]: 20: Hoare triple {33753#true} assume !(1 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,118 INFO L290 TraceCheckUtils]: 21: Hoare triple {33753#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,118 INFO L290 TraceCheckUtils]: 22: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,118 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {33753#true} {33753#true} #905#return; {33753#true} is VALID [2022-02-20 18:00:09,118 INFO L290 TraceCheckUtils]: 24: Hoare triple {33753#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {33753#true} is VALID [2022-02-20 18:00:09,119 INFO L272 TraceCheckUtils]: 25: Hoare triple {33753#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {33811#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:09,119 INFO L290 TraceCheckUtils]: 26: Hoare triple {33811#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,120 INFO L290 TraceCheckUtils]: 27: Hoare triple {33753#true} assume !(1 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,120 INFO L290 TraceCheckUtils]: 28: Hoare triple {33753#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,120 INFO L290 TraceCheckUtils]: 29: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,120 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {33753#true} {33753#true} #907#return; {33753#true} is VALID [2022-02-20 18:00:09,120 INFO L290 TraceCheckUtils]: 31: Hoare triple {33753#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {33753#true} is VALID [2022-02-20 18:00:09,120 INFO L272 TraceCheckUtils]: 32: Hoare triple {33753#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {33810#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:09,121 INFO L290 TraceCheckUtils]: 33: Hoare triple {33810#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,121 INFO L290 TraceCheckUtils]: 34: Hoare triple {33753#true} assume !(1 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,121 INFO L290 TraceCheckUtils]: 35: Hoare triple {33753#true} assume !(2 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,121 INFO L290 TraceCheckUtils]: 36: Hoare triple {33753#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,121 INFO L290 TraceCheckUtils]: 37: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,121 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {33753#true} {33753#true} #909#return; {33753#true} is VALID [2022-02-20 18:00:09,121 INFO L290 TraceCheckUtils]: 39: Hoare triple {33753#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {33753#true} is VALID [2022-02-20 18:00:09,122 INFO L272 TraceCheckUtils]: 40: Hoare triple {33753#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {33811#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:09,122 INFO L290 TraceCheckUtils]: 41: Hoare triple {33811#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,122 INFO L290 TraceCheckUtils]: 42: Hoare triple {33753#true} assume !(1 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,122 INFO L290 TraceCheckUtils]: 43: Hoare triple {33753#true} assume !(2 == ~handle); {33753#true} is VALID [2022-02-20 18:00:09,122 INFO L290 TraceCheckUtils]: 44: Hoare triple {33753#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,122 INFO L290 TraceCheckUtils]: 45: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,122 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {33753#true} {33753#true} #911#return; {33753#true} is VALID [2022-02-20 18:00:09,122 INFO L290 TraceCheckUtils]: 47: Hoare triple {33753#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {33753#true} is VALID [2022-02-20 18:00:09,123 INFO L290 TraceCheckUtils]: 48: Hoare triple {33753#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:00:09,123 INFO L290 TraceCheckUtils]: 49: Hoare triple {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !false; {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:00:09,123 INFO L290 TraceCheckUtils]: 50: Hoare triple {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:00:09,123 INFO L290 TraceCheckUtils]: 51: Hoare triple {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:00:09,124 INFO L290 TraceCheckUtils]: 52: Hoare triple {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:00:09,124 INFO L290 TraceCheckUtils]: 53: Hoare triple {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:00:09,124 INFO L290 TraceCheckUtils]: 54: Hoare triple {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:00:09,124 INFO L290 TraceCheckUtils]: 55: Hoare triple {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:00:09,125 INFO L290 TraceCheckUtils]: 56: Hoare triple {33785#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 == test_~op3~0#1); {33754#false} is VALID [2022-02-20 18:00:09,125 INFO L290 TraceCheckUtils]: 57: Hoare triple {33754#false} assume !(0 == test_~op4~0#1); {33754#false} is VALID [2022-02-20 18:00:09,125 INFO L290 TraceCheckUtils]: 58: Hoare triple {33754#false} assume !(0 == test_~op5~0#1); {33754#false} is VALID [2022-02-20 18:00:09,125 INFO L290 TraceCheckUtils]: 59: Hoare triple {33754#false} assume !(0 == test_~op6~0#1); {33754#false} is VALID [2022-02-20 18:00:09,125 INFO L290 TraceCheckUtils]: 60: Hoare triple {33754#false} assume !(0 == test_~op7~0#1); {33754#false} is VALID [2022-02-20 18:00:09,125 INFO L290 TraceCheckUtils]: 61: Hoare triple {33754#false} assume !(0 == test_~op8~0#1); {33754#false} is VALID [2022-02-20 18:00:09,125 INFO L290 TraceCheckUtils]: 62: Hoare triple {33754#false} assume !(0 == test_~op9~0#1); {33754#false} is VALID [2022-02-20 18:00:09,125 INFO L290 TraceCheckUtils]: 63: Hoare triple {33754#false} assume !(0 == test_~op10~0#1); {33754#false} is VALID [2022-02-20 18:00:09,126 INFO L290 TraceCheckUtils]: 64: Hoare triple {33754#false} assume !(0 == test_~op11~0#1); {33754#false} is VALID [2022-02-20 18:00:09,126 INFO L290 TraceCheckUtils]: 65: Hoare triple {33754#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {33754#false} is VALID [2022-02-20 18:00:09,126 INFO L272 TraceCheckUtils]: 66: Hoare triple {33754#false} call sendEmail(~bob~0, ~rjh~0); {33754#false} is VALID [2022-02-20 18:00:09,126 INFO L290 TraceCheckUtils]: 67: Hoare triple {33754#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {33754#false} is VALID [2022-02-20 18:00:09,126 INFO L272 TraceCheckUtils]: 68: Hoare triple {33754#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {33812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:09,126 INFO L290 TraceCheckUtils]: 69: Hoare triple {33812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,126 INFO L290 TraceCheckUtils]: 70: Hoare triple {33753#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,126 INFO L290 TraceCheckUtils]: 71: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,126 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {33753#true} {33754#false} #895#return; {33754#false} is VALID [2022-02-20 18:00:09,126 INFO L272 TraceCheckUtils]: 73: Hoare triple {33754#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {33813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:09,127 INFO L290 TraceCheckUtils]: 74: Hoare triple {33813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,127 INFO L290 TraceCheckUtils]: 75: Hoare triple {33753#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,127 INFO L290 TraceCheckUtils]: 76: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,127 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {33753#true} {33754#false} #897#return; {33754#false} is VALID [2022-02-20 18:00:09,127 INFO L290 TraceCheckUtils]: 78: Hoare triple {33754#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {33754#false} is VALID [2022-02-20 18:00:09,127 INFO L290 TraceCheckUtils]: 79: Hoare triple {33754#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {33754#false} is VALID [2022-02-20 18:00:09,127 INFO L272 TraceCheckUtils]: 80: Hoare triple {33754#false} call outgoing(~sender#1, ~email~0#1); {33754#false} is VALID [2022-02-20 18:00:09,127 INFO L290 TraceCheckUtils]: 81: Hoare triple {33754#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {33754#false} is VALID [2022-02-20 18:00:09,127 INFO L272 TraceCheckUtils]: 82: Hoare triple {33754#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {33753#true} is VALID [2022-02-20 18:00:09,127 INFO L290 TraceCheckUtils]: 83: Hoare triple {33753#true} ~handle := #in~handle;havoc ~retValue_acc~9; {33753#true} is VALID [2022-02-20 18:00:09,128 INFO L290 TraceCheckUtils]: 84: Hoare triple {33753#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {33753#true} is VALID [2022-02-20 18:00:09,128 INFO L290 TraceCheckUtils]: 85: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,128 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {33753#true} {33754#false} #865#return; {33754#false} is VALID [2022-02-20 18:00:09,128 INFO L290 TraceCheckUtils]: 87: Hoare triple {33754#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {33754#false} is VALID [2022-02-20 18:00:09,128 INFO L290 TraceCheckUtils]: 88: Hoare triple {33754#false} assume 0 == sign_~privkey~0#1; {33754#false} is VALID [2022-02-20 18:00:09,128 INFO L290 TraceCheckUtils]: 89: Hoare triple {33754#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {33754#false} is VALID [2022-02-20 18:00:09,128 INFO L290 TraceCheckUtils]: 90: Hoare triple {33754#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {33754#false} is VALID [2022-02-20 18:00:09,128 INFO L290 TraceCheckUtils]: 91: Hoare triple {33754#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {33754#false} is VALID [2022-02-20 18:00:09,128 INFO L272 TraceCheckUtils]: 92: Hoare triple {33754#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {33812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:09,128 INFO L290 TraceCheckUtils]: 93: Hoare triple {33812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {33753#true} is VALID [2022-02-20 18:00:09,129 INFO L290 TraceCheckUtils]: 94: Hoare triple {33753#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {33753#true} is VALID [2022-02-20 18:00:09,129 INFO L290 TraceCheckUtils]: 95: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,129 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {33753#true} {33754#false} #867#return; {33754#false} is VALID [2022-02-20 18:00:09,129 INFO L290 TraceCheckUtils]: 97: Hoare triple {33754#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {33754#false} is VALID [2022-02-20 18:00:09,129 INFO L272 TraceCheckUtils]: 98: Hoare triple {33754#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {33753#true} is VALID [2022-02-20 18:00:09,129 INFO L290 TraceCheckUtils]: 99: Hoare triple {33753#true} ~handle := #in~handle;havoc ~retValue_acc~25; {33753#true} is VALID [2022-02-20 18:00:09,129 INFO L290 TraceCheckUtils]: 100: Hoare triple {33753#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {33753#true} is VALID [2022-02-20 18:00:09,129 INFO L290 TraceCheckUtils]: 101: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,129 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {33753#true} {33754#false} #869#return; {33754#false} is VALID [2022-02-20 18:00:09,129 INFO L290 TraceCheckUtils]: 103: Hoare triple {33754#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {33754#false} is VALID [2022-02-20 18:00:09,130 INFO L290 TraceCheckUtils]: 104: Hoare triple {33754#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {33754#false} is VALID [2022-02-20 18:00:09,130 INFO L272 TraceCheckUtils]: 105: Hoare triple {33754#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {33753#true} is VALID [2022-02-20 18:00:09,130 INFO L290 TraceCheckUtils]: 106: Hoare triple {33753#true} ~handle := #in~handle;havoc ~retValue_acc~9; {33753#true} is VALID [2022-02-20 18:00:09,130 INFO L290 TraceCheckUtils]: 107: Hoare triple {33753#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {33753#true} is VALID [2022-02-20 18:00:09,130 INFO L290 TraceCheckUtils]: 108: Hoare triple {33753#true} assume true; {33753#true} is VALID [2022-02-20 18:00:09,130 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {33753#true} {33754#false} #871#return; {33754#false} is VALID [2022-02-20 18:00:09,130 INFO L290 TraceCheckUtils]: 110: Hoare triple {33754#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {33754#false} is VALID [2022-02-20 18:00:09,130 INFO L290 TraceCheckUtils]: 111: Hoare triple {33754#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {33754#false} is VALID [2022-02-20 18:00:09,130 INFO L290 TraceCheckUtils]: 112: Hoare triple {33754#false} assume !false; {33754#false} is VALID [2022-02-20 18:00:09,131 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:00:09,131 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:09,131 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1516688103] [2022-02-20 18:00:09,131 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1516688103] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:09,131 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:09,131 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:00:09,131 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1084232915] [2022-02-20 18:00:09,131 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:09,132 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 113 [2022-02-20 18:00:09,132 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:09,132 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:09,183 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:09,183 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:00:09,183 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:09,184 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:00:09,184 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:00:09,185 INFO L87 Difference]: Start difference. First operand 971 states and 1620 transitions. Second operand has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:12,626 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:12,626 INFO L93 Difference]: Finished difference Result 2416 states and 4087 transitions. [2022-02-20 18:00:12,626 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:00:12,626 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 113 [2022-02-20 18:00:12,626 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:12,626 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:12,633 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1118 transitions. [2022-02-20 18:00:12,633 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:12,640 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1118 transitions. [2022-02-20 18:00:12,640 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1118 transitions. [2022-02-20 18:00:13,509 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1118 edges. 1118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:13,631 INFO L225 Difference]: With dead ends: 2416 [2022-02-20 18:00:13,631 INFO L226 Difference]: Without dead ends: 1576 [2022-02-20 18:00:13,649 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 37 GetRequests, 26 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=48, Invalid=108, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:00:13,649 INFO L933 BasicCegarLoop]: 527 mSDtfsCounter, 996 mSDsluCounter, 628 mSDsCounter, 0 mSdLazyCounter, 816 mSolverCounterSat, 340 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1011 SdHoareTripleChecker+Valid, 1155 SdHoareTripleChecker+Invalid, 1156 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 340 IncrementalHoareTripleChecker+Valid, 816 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:13,649 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1011 Valid, 1155 Invalid, 1156 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [340 Valid, 816 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-02-20 18:00:13,664 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1576 states. [2022-02-20 18:00:14,733 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1576 to 1464. [2022-02-20 18:00:14,733 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:14,736 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1576 states. Second operand has 1464 states, 1168 states have (on average 1.6035958904109588) internal successors, (1873), 1173 states have internal predecessors, (1873), 274 states have call successors, (274), 17 states have call predecessors, (274), 21 states have return successors, (305), 273 states have call predecessors, (305), 273 states have call successors, (305) [2022-02-20 18:00:14,751 INFO L74 IsIncluded]: Start isIncluded. First operand 1576 states. Second operand has 1464 states, 1168 states have (on average 1.6035958904109588) internal successors, (1873), 1173 states have internal predecessors, (1873), 274 states have call successors, (274), 17 states have call predecessors, (274), 21 states have return successors, (305), 273 states have call predecessors, (305), 273 states have call successors, (305) [2022-02-20 18:00:14,753 INFO L87 Difference]: Start difference. First operand 1576 states. Second operand has 1464 states, 1168 states have (on average 1.6035958904109588) internal successors, (1873), 1173 states have internal predecessors, (1873), 274 states have call successors, (274), 17 states have call predecessors, (274), 21 states have return successors, (305), 273 states have call predecessors, (305), 273 states have call successors, (305) [2022-02-20 18:00:14,886 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:14,886 INFO L93 Difference]: Finished difference Result 1576 states and 2672 transitions. [2022-02-20 18:00:14,886 INFO L276 IsEmpty]: Start isEmpty. Operand 1576 states and 2672 transitions. [2022-02-20 18:00:14,891 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:14,891 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:14,893 INFO L74 IsIncluded]: Start isIncluded. First operand has 1464 states, 1168 states have (on average 1.6035958904109588) internal successors, (1873), 1173 states have internal predecessors, (1873), 274 states have call successors, (274), 17 states have call predecessors, (274), 21 states have return successors, (305), 273 states have call predecessors, (305), 273 states have call successors, (305) Second operand 1576 states. [2022-02-20 18:00:14,894 INFO L87 Difference]: Start difference. First operand has 1464 states, 1168 states have (on average 1.6035958904109588) internal successors, (1873), 1173 states have internal predecessors, (1873), 274 states have call successors, (274), 17 states have call predecessors, (274), 21 states have return successors, (305), 273 states have call predecessors, (305), 273 states have call successors, (305) Second operand 1576 states. [2022-02-20 18:00:14,978 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:14,978 INFO L93 Difference]: Finished difference Result 1576 states and 2672 transitions. [2022-02-20 18:00:14,978 INFO L276 IsEmpty]: Start isEmpty. Operand 1576 states and 2672 transitions. [2022-02-20 18:00:14,983 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:14,983 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:14,983 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:14,983 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:14,985 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1464 states, 1168 states have (on average 1.6035958904109588) internal successors, (1873), 1173 states have internal predecessors, (1873), 274 states have call successors, (274), 17 states have call predecessors, (274), 21 states have return successors, (305), 273 states have call predecessors, (305), 273 states have call successors, (305) [2022-02-20 18:00:15,076 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1464 states to 1464 states and 2452 transitions. [2022-02-20 18:00:15,076 INFO L78 Accepts]: Start accepts. Automaton has 1464 states and 2452 transitions. Word has length 113 [2022-02-20 18:00:15,076 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:15,076 INFO L470 AbstractCegarLoop]: Abstraction has 1464 states and 2452 transitions. [2022-02-20 18:00:15,077 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:15,077 INFO L276 IsEmpty]: Start isEmpty. Operand 1464 states and 2452 transitions. [2022-02-20 18:00:15,080 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 115 [2022-02-20 18:00:15,080 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:15,081 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:15,081 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2022-02-20 18:00:15,081 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:15,081 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:15,081 INFO L85 PathProgramCache]: Analyzing trace with hash 913875667, now seen corresponding path program 1 times [2022-02-20 18:00:15,081 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:15,081 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1407091324] [2022-02-20 18:00:15,081 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:15,082 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:15,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:15,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,167 INFO L290 TraceCheckUtils]: 0: Hoare triple {42787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,167 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,167 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,167 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {42730#true} {42730#true} #901#return; {42730#true} is VALID [2022-02-20 18:00:15,188 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:15,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,191 INFO L290 TraceCheckUtils]: 0: Hoare triple {42788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,191 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,191 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,191 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {42730#true} {42730#true} #903#return; {42730#true} is VALID [2022-02-20 18:00:15,191 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:15,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {42787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,194 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume !(1 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,194 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,194 INFO L290 TraceCheckUtils]: 3: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,194 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {42730#true} {42730#true} #905#return; {42730#true} is VALID [2022-02-20 18:00:15,194 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:15,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {42788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,198 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume !(1 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,198 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,199 INFO L290 TraceCheckUtils]: 3: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,199 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {42730#true} {42730#true} #907#return; {42730#true} is VALID [2022-02-20 18:00:15,199 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:15,200 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,201 INFO L290 TraceCheckUtils]: 0: Hoare triple {42787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,202 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume !(1 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,202 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume !(2 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,202 INFO L290 TraceCheckUtils]: 3: Hoare triple {42730#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,202 INFO L290 TraceCheckUtils]: 4: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,202 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {42730#true} {42730#true} #909#return; {42730#true} is VALID [2022-02-20 18:00:15,202 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:15,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,207 INFO L290 TraceCheckUtils]: 0: Hoare triple {42788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,207 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume !(1 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,207 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume !(2 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,208 INFO L290 TraceCheckUtils]: 3: Hoare triple {42730#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,208 INFO L290 TraceCheckUtils]: 4: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,218 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {42730#true} {42730#true} #911#return; {42730#true} is VALID [2022-02-20 18:00:15,240 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:00:15,241 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,242 INFO L290 TraceCheckUtils]: 0: Hoare triple {42789#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,243 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,243 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,243 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {42730#true} {42731#false} #895#return; {42731#false} is VALID [2022-02-20 18:00:15,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:00:15,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {42790#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,250 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {42730#true} {42731#false} #897#return; {42731#false} is VALID [2022-02-20 18:00:15,250 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:00:15,251 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,252 INFO L290 TraceCheckUtils]: 0: Hoare triple {42730#true} ~handle := #in~handle;havoc ~retValue_acc~9; {42730#true} is VALID [2022-02-20 18:00:15,252 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {42730#true} is VALID [2022-02-20 18:00:15,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,252 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {42730#true} {42731#false} #865#return; {42731#false} is VALID [2022-02-20 18:00:15,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:00:15,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,254 INFO L290 TraceCheckUtils]: 0: Hoare triple {42789#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,254 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,254 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,254 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {42730#true} {42731#false} #867#return; {42731#false} is VALID [2022-02-20 18:00:15,254 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:00:15,255 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {42730#true} ~handle := #in~handle;havoc ~retValue_acc~25; {42730#true} is VALID [2022-02-20 18:00:15,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {42730#true} is VALID [2022-02-20 18:00:15,256 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,256 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {42730#true} {42731#false} #869#return; {42731#false} is VALID [2022-02-20 18:00:15,257 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:00:15,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,258 INFO L290 TraceCheckUtils]: 0: Hoare triple {42730#true} ~handle := #in~handle;havoc ~retValue_acc~9; {42730#true} is VALID [2022-02-20 18:00:15,258 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {42730#true} is VALID [2022-02-20 18:00:15,259 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,259 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {42730#true} {42731#false} #871#return; {42731#false} is VALID [2022-02-20 18:00:15,259 INFO L290 TraceCheckUtils]: 0: Hoare triple {42730#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(13, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(115, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {42730#true} is VALID [2022-02-20 18:00:15,271 INFO L290 TraceCheckUtils]: 1: Hoare triple {42730#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~28#1, main_~tmp~3#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {42730#true} is VALID [2022-02-20 18:00:15,271 INFO L290 TraceCheckUtils]: 2: Hoare triple {42730#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {42730#true} is VALID [2022-02-20 18:00:15,271 INFO L290 TraceCheckUtils]: 3: Hoare triple {42730#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {42730#true} is VALID [2022-02-20 18:00:15,271 INFO L290 TraceCheckUtils]: 4: Hoare triple {42730#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {42730#true} is VALID [2022-02-20 18:00:15,271 INFO L290 TraceCheckUtils]: 5: Hoare triple {42730#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {42730#true} is VALID [2022-02-20 18:00:15,272 INFO L272 TraceCheckUtils]: 6: Hoare triple {42730#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {42787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:15,272 INFO L290 TraceCheckUtils]: 7: Hoare triple {42787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,272 INFO L290 TraceCheckUtils]: 8: Hoare triple {42730#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,272 INFO L290 TraceCheckUtils]: 9: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,272 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {42730#true} {42730#true} #901#return; {42730#true} is VALID [2022-02-20 18:00:15,272 INFO L290 TraceCheckUtils]: 11: Hoare triple {42730#true} assume { :end_inline_setup_bob__wrappee__Base } true; {42730#true} is VALID [2022-02-20 18:00:15,273 INFO L272 TraceCheckUtils]: 12: Hoare triple {42730#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {42788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:15,273 INFO L290 TraceCheckUtils]: 13: Hoare triple {42788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,273 INFO L290 TraceCheckUtils]: 14: Hoare triple {42730#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,273 INFO L290 TraceCheckUtils]: 15: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,273 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {42730#true} {42730#true} #903#return; {42730#true} is VALID [2022-02-20 18:00:15,273 INFO L290 TraceCheckUtils]: 17: Hoare triple {42730#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {42730#true} is VALID [2022-02-20 18:00:15,273 INFO L272 TraceCheckUtils]: 18: Hoare triple {42730#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {42787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:15,274 INFO L290 TraceCheckUtils]: 19: Hoare triple {42787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,274 INFO L290 TraceCheckUtils]: 20: Hoare triple {42730#true} assume !(1 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,274 INFO L290 TraceCheckUtils]: 21: Hoare triple {42730#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,274 INFO L290 TraceCheckUtils]: 22: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,274 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {42730#true} {42730#true} #905#return; {42730#true} is VALID [2022-02-20 18:00:15,274 INFO L290 TraceCheckUtils]: 24: Hoare triple {42730#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {42730#true} is VALID [2022-02-20 18:00:15,275 INFO L272 TraceCheckUtils]: 25: Hoare triple {42730#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {42788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:15,276 INFO L290 TraceCheckUtils]: 26: Hoare triple {42788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,276 INFO L290 TraceCheckUtils]: 27: Hoare triple {42730#true} assume !(1 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,276 INFO L290 TraceCheckUtils]: 28: Hoare triple {42730#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,276 INFO L290 TraceCheckUtils]: 29: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,276 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {42730#true} {42730#true} #907#return; {42730#true} is VALID [2022-02-20 18:00:15,276 INFO L290 TraceCheckUtils]: 31: Hoare triple {42730#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {42730#true} is VALID [2022-02-20 18:00:15,277 INFO L272 TraceCheckUtils]: 32: Hoare triple {42730#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {42787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:15,277 INFO L290 TraceCheckUtils]: 33: Hoare triple {42787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,277 INFO L290 TraceCheckUtils]: 34: Hoare triple {42730#true} assume !(1 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,277 INFO L290 TraceCheckUtils]: 35: Hoare triple {42730#true} assume !(2 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,277 INFO L290 TraceCheckUtils]: 36: Hoare triple {42730#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,278 INFO L290 TraceCheckUtils]: 37: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,278 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {42730#true} {42730#true} #909#return; {42730#true} is VALID [2022-02-20 18:00:15,278 INFO L290 TraceCheckUtils]: 39: Hoare triple {42730#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {42730#true} is VALID [2022-02-20 18:00:15,279 INFO L272 TraceCheckUtils]: 40: Hoare triple {42730#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {42788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:15,279 INFO L290 TraceCheckUtils]: 41: Hoare triple {42788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,279 INFO L290 TraceCheckUtils]: 42: Hoare triple {42730#true} assume !(1 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,279 INFO L290 TraceCheckUtils]: 43: Hoare triple {42730#true} assume !(2 == ~handle); {42730#true} is VALID [2022-02-20 18:00:15,279 INFO L290 TraceCheckUtils]: 44: Hoare triple {42730#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,279 INFO L290 TraceCheckUtils]: 45: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,279 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {42730#true} {42730#true} #911#return; {42730#true} is VALID [2022-02-20 18:00:15,279 INFO L290 TraceCheckUtils]: 47: Hoare triple {42730#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 8, 0;havoc setup_#t~nondet13#1; {42730#true} is VALID [2022-02-20 18:00:15,280 INFO L290 TraceCheckUtils]: 48: Hoare triple {42730#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,280 INFO L290 TraceCheckUtils]: 49: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !false; {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,280 INFO L290 TraceCheckUtils]: 50: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,281 INFO L290 TraceCheckUtils]: 51: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,281 INFO L290 TraceCheckUtils]: 52: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,281 INFO L290 TraceCheckUtils]: 53: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,281 INFO L290 TraceCheckUtils]: 54: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,282 INFO L290 TraceCheckUtils]: 55: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,282 INFO L290 TraceCheckUtils]: 56: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet42#1 && test_#t~nondet42#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet42#1;havoc test_#t~nondet42#1; {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,282 INFO L290 TraceCheckUtils]: 57: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:00:15,282 INFO L290 TraceCheckUtils]: 58: Hoare triple {42762#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 == test_~op4~0#1); {42731#false} is VALID [2022-02-20 18:00:15,283 INFO L290 TraceCheckUtils]: 59: Hoare triple {42731#false} assume !(0 == test_~op5~0#1); {42731#false} is VALID [2022-02-20 18:00:15,283 INFO L290 TraceCheckUtils]: 60: Hoare triple {42731#false} assume !(0 == test_~op6~0#1); {42731#false} is VALID [2022-02-20 18:00:15,283 INFO L290 TraceCheckUtils]: 61: Hoare triple {42731#false} assume !(0 == test_~op7~0#1); {42731#false} is VALID [2022-02-20 18:00:15,283 INFO L290 TraceCheckUtils]: 62: Hoare triple {42731#false} assume !(0 == test_~op8~0#1); {42731#false} is VALID [2022-02-20 18:00:15,283 INFO L290 TraceCheckUtils]: 63: Hoare triple {42731#false} assume !(0 == test_~op9~0#1); {42731#false} is VALID [2022-02-20 18:00:15,283 INFO L290 TraceCheckUtils]: 64: Hoare triple {42731#false} assume !(0 == test_~op10~0#1); {42731#false} is VALID [2022-02-20 18:00:15,283 INFO L290 TraceCheckUtils]: 65: Hoare triple {42731#false} assume !(0 == test_~op11~0#1); {42731#false} is VALID [2022-02-20 18:00:15,283 INFO L290 TraceCheckUtils]: 66: Hoare triple {42731#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {42731#false} is VALID [2022-02-20 18:00:15,283 INFO L272 TraceCheckUtils]: 67: Hoare triple {42731#false} call sendEmail(~bob~0, ~rjh~0); {42731#false} is VALID [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 68: Hoare triple {42731#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~31#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~31#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {42731#false} is VALID [2022-02-20 18:00:15,284 INFO L272 TraceCheckUtils]: 69: Hoare triple {42731#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {42789#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 70: Hoare triple {42789#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 71: Hoare triple {42730#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 72: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,284 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {42730#true} {42731#false} #895#return; {42731#false} is VALID [2022-02-20 18:00:15,284 INFO L272 TraceCheckUtils]: 74: Hoare triple {42731#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {42790#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 75: Hoare triple {42790#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 76: Hoare triple {42730#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 77: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,285 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {42730#true} {42731#false} #897#return; {42731#false} is VALID [2022-02-20 18:00:15,285 INFO L290 TraceCheckUtils]: 79: Hoare triple {42731#false} createEmail_~retValue_acc~31#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~31#1; {42731#false} is VALID [2022-02-20 18:00:15,285 INFO L290 TraceCheckUtils]: 80: Hoare triple {42731#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~17#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~17#1; {42731#false} is VALID [2022-02-20 18:00:15,285 INFO L272 TraceCheckUtils]: 81: Hoare triple {42731#false} call outgoing(~sender#1, ~email~0#1); {42731#false} is VALID [2022-02-20 18:00:15,285 INFO L290 TraceCheckUtils]: 82: Hoare triple {42731#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~19#1; {42731#false} is VALID [2022-02-20 18:00:15,285 INFO L272 TraceCheckUtils]: 83: Hoare triple {42731#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {42730#true} is VALID [2022-02-20 18:00:15,285 INFO L290 TraceCheckUtils]: 84: Hoare triple {42730#true} ~handle := #in~handle;havoc ~retValue_acc~9; {42730#true} is VALID [2022-02-20 18:00:15,285 INFO L290 TraceCheckUtils]: 85: Hoare triple {42730#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {42730#true} is VALID [2022-02-20 18:00:15,285 INFO L290 TraceCheckUtils]: 86: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,286 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {42730#true} {42731#false} #865#return; {42731#false} is VALID [2022-02-20 18:00:15,286 INFO L290 TraceCheckUtils]: 88: Hoare triple {42731#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~0#1 := sign_~tmp~19#1; {42731#false} is VALID [2022-02-20 18:00:15,286 INFO L290 TraceCheckUtils]: 89: Hoare triple {42731#false} assume 0 == sign_~privkey~0#1; {42731#false} is VALID [2022-02-20 18:00:15,286 INFO L290 TraceCheckUtils]: 90: Hoare triple {42731#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {42731#false} is VALID [2022-02-20 18:00:15,286 INFO L290 TraceCheckUtils]: 91: Hoare triple {42731#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {42731#false} is VALID [2022-02-20 18:00:15,286 INFO L290 TraceCheckUtils]: 92: Hoare triple {42731#false} outgoing__wrappee__AutoResponder_#t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret80#1 && outgoing__wrappee__AutoResponder_#t~ret80#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret80#1;havoc outgoing__wrappee__AutoResponder_#t~ret80#1; {42731#false} is VALID [2022-02-20 18:00:15,286 INFO L272 TraceCheckUtils]: 93: Hoare triple {42731#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {42789#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:15,286 INFO L290 TraceCheckUtils]: 94: Hoare triple {42789#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {42730#true} is VALID [2022-02-20 18:00:15,286 INFO L290 TraceCheckUtils]: 95: Hoare triple {42730#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {42730#true} is VALID [2022-02-20 18:00:15,286 INFO L290 TraceCheckUtils]: 96: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,287 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {42730#true} {42731#false} #867#return; {42731#false} is VALID [2022-02-20 18:00:15,287 INFO L290 TraceCheckUtils]: 98: Hoare triple {42731#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret75#1, __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~12#1, __utac_acc__SignForward_spec__1_~tmp___0~5#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~12#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~5#1;call __utac_acc__SignForward_spec__1_#t~ret75#1 := puts(31, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret75#1 && __utac_acc__SignForward_spec__1_#t~ret75#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret75#1; {42731#false} is VALID [2022-02-20 18:00:15,287 INFO L272 TraceCheckUtils]: 99: Hoare triple {42731#false} call __utac_acc__SignForward_spec__1_#t~ret76#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {42730#true} is VALID [2022-02-20 18:00:15,287 INFO L290 TraceCheckUtils]: 100: Hoare triple {42730#true} ~handle := #in~handle;havoc ~retValue_acc~25; {42730#true} is VALID [2022-02-20 18:00:15,287 INFO L290 TraceCheckUtils]: 101: Hoare triple {42730#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~25; {42730#true} is VALID [2022-02-20 18:00:15,287 INFO L290 TraceCheckUtils]: 102: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,287 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {42730#true} {42731#false} #869#return; {42731#false} is VALID [2022-02-20 18:00:15,287 INFO L290 TraceCheckUtils]: 104: Hoare triple {42731#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~5#1 := __utac_acc__SignForward_spec__1_#t~ret76#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {42731#false} is VALID [2022-02-20 18:00:15,287 INFO L290 TraceCheckUtils]: 105: Hoare triple {42731#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~5#1; {42731#false} is VALID [2022-02-20 18:00:15,288 INFO L272 TraceCheckUtils]: 106: Hoare triple {42731#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {42730#true} is VALID [2022-02-20 18:00:15,288 INFO L290 TraceCheckUtils]: 107: Hoare triple {42730#true} ~handle := #in~handle;havoc ~retValue_acc~9; {42730#true} is VALID [2022-02-20 18:00:15,288 INFO L290 TraceCheckUtils]: 108: Hoare triple {42730#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {42730#true} is VALID [2022-02-20 18:00:15,288 INFO L290 TraceCheckUtils]: 109: Hoare triple {42730#true} assume true; {42730#true} is VALID [2022-02-20 18:00:15,288 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {42730#true} {42731#false} #871#return; {42731#false} is VALID [2022-02-20 18:00:15,288 INFO L290 TraceCheckUtils]: 111: Hoare triple {42731#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~12#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {42731#false} is VALID [2022-02-20 18:00:15,288 INFO L290 TraceCheckUtils]: 112: Hoare triple {42731#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {42731#false} is VALID [2022-02-20 18:00:15,288 INFO L290 TraceCheckUtils]: 113: Hoare triple {42731#false} assume !false; {42731#false} is VALID [2022-02-20 18:00:15,289 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:00:15,289 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:15,289 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1407091324] [2022-02-20 18:00:15,289 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1407091324] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:15,289 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:15,289 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:00:15,289 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1223598091] [2022-02-20 18:00:15,289 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:15,290 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.285714285714286) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 114 [2022-02-20 18:00:15,290 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:15,290 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 10.285714285714286) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:00:15,383 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 98 edges. 98 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:15,384 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:00:15,384 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:15,384 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:00:15,384 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:00:15,384 INFO L87 Difference]: Start difference. First operand 1464 states and 2452 transitions. Second operand has 7 states, 7 states have (on average 10.285714285714286) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (14), 6 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)