./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec4_product25.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec4_product25.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 4aad45d78970842948dd8f2d4a23b330a7c7a053ef8846b1af27e637f96c3ae7
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:59:22,410 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:59:22,416 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:59:22,440 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:59:22,440 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:59:22,441 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:59:22,442 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:59:22,444 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:59:22,445 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:59:22,446 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:59:22,446 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:59:22,450 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:59:22,451 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:59:22,453 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:59:22,455 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:59:22,456 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:59:22,458 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:59:22,462 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:59:22,463 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:59:22,469 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:59:22,470 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:59:22,471 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:59:22,472 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:59:22,474 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:59:22,476 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:59:22,482 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:59:22,483 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:59:22,484 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:59:22,484 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:59:22,485 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:59:22,485 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:59:22,486 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:59:22,487 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:59:22,488 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:59:22,489 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:59:22,490 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:59:22,491 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:59:22,491 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:59:22,492 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:59:22,492 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:59:22,493 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:59:22,494 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:59:22,521 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:59:22,521 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:59:22,522 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:59:22,522 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:59:22,523 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:59:22,523 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:59:22,524 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:59:22,524 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:59:22,525 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:59:22,525 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:59:22,526 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:59:22,526 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:59:22,526 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:59:22,526 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:59:22,526 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:59:22,527 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:59:22,527 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:59:22,527 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:59:22,527 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:59:22,527 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:59:22,528 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:59:22,528 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:59:22,528 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:59:22,528 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:59:22,529 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:59:22,529 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:59:22,529 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:59:22,530 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:59:22,531 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:59:22,531 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:59:22,531 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:59:22,531 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:59:22,532 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:59:22,532 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 4aad45d78970842948dd8f2d4a23b330a7c7a053ef8846b1af27e637f96c3ae7 [2022-02-20 17:59:22,779 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:59:22,807 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:59:22,810 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:59:22,811 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:59:22,811 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:59:22,813 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec4_product25.cil.c [2022-02-20 17:59:22,866 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/a4de97d44/9c2581511f3e49f180306459a7773a76/FLAG122b2ad40 [2022-02-20 17:59:23,431 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:59:23,437 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product25.cil.c [2022-02-20 17:59:23,464 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/a4de97d44/9c2581511f3e49f180306459a7773a76/FLAG122b2ad40 [2022-02-20 17:59:23,893 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/a4de97d44/9c2581511f3e49f180306459a7773a76 [2022-02-20 17:59:23,895 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:59:23,897 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:59:23,898 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:59:23,898 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:59:23,902 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:59:23,903 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:23" (1/1) ... [2022-02-20 17:59:23,905 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@7b636226 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:23, skipping insertion in model container [2022-02-20 17:59:23,906 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:23" (1/1) ... 
[2022-02-20 17:59:23,912 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:59:23,978 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:59:24,467 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product25.cil.c[63576,63589] [2022-02-20 17:59:24,470 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:59:24,478 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:59:24,656 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product25.cil.c[63576,63589] [2022-02-20 17:59:24,656 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:59:24,680 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:59:24,681 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24 WrapperNode [2022-02-20 17:59:24,681 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:59:24,682 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:59:24,682 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:59:24,682 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:59:24,689 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... 
[2022-02-20 17:59:24,742 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... [2022-02-20 17:59:24,815 INFO L137 Inliner]: procedures = 130, calls = 218, calls flagged for inlining = 60, calls inlined = 57, statements flattened = 1060 [2022-02-20 17:59:24,816 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:59:24,816 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:59:24,817 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:59:24,817 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:59:24,827 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... [2022-02-20 17:59:24,832 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... [2022-02-20 17:59:24,838 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... [2022-02-20 17:59:24,844 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... 
[2022-02-20 17:59:24,862 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... [2022-02-20 17:59:24,871 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... [2022-02-20 17:59:24,876 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... [2022-02-20 17:59:24,894 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:59:24,895 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:59:24,895 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:59:24,895 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:59:24,908 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (1/1) ... 
[2022-02-20 17:59:24,914 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:59:24,937 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:24,960 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:59:24,981 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:59:25,002 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:59:25,002 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:59:25,003 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:59:25,003 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:59:25,003 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:59:25,003 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:59:25,003 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Keys [2022-02-20 17:59:25,003 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Keys [2022-02-20 17:59:25,005 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:59:25,005 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:59:25,005 INFO L130 BoogieDeclarations]: Found specification of procedure 
setEmailFrom [2022-02-20 17:59:25,006 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:59:25,006 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:59:25,006 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:59:25,006 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:59:25,006 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:59:25,006 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:59:25,006 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:59:25,007 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:59:25,007 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:59:25,007 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:59:25,007 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:59:25,007 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:59:25,007 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:59:25,007 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:59:25,008 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:59:25,008 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:59:25,008 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:59:25,008 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:59:25,008 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize 
[2022-02-20 17:59:25,008 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:59:25,008 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:59:25,009 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:59:25,009 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:59:25,009 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:59:25,009 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:59:25,009 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:59:25,009 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:59:25,010 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:59:25,010 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:59:25,010 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:59:25,010 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:59:25,011 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:59:25,011 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:59:25,011 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:59:25,011 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:59:25,011 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:59:25,011 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:59:25,011 INFO L138 BoogieDeclarations]: Found implementation 
of procedure ULTIMATE.start [2022-02-20 17:59:25,288 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:59:25,289 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:59:26,055 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:59:26,072 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:59:26,074 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:59:26,077 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:26 BoogieIcfgContainer [2022-02-20 17:59:26,078 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:59:26,079 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:59:26,080 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:59:26,084 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:59:26,085 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:59:23" (1/3) ... [2022-02-20 17:59:26,085 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@68018da and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:26, skipping insertion in model container [2022-02-20 17:59:26,086 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:24" (2/3) ... 
[2022-02-20 17:59:26,086 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@68018da and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:26, skipping insertion in model container [2022-02-20 17:59:26,086 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:26" (3/3) ... [2022-02-20 17:59:26,088 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec4_product25.cil.c [2022-02-20 17:59:26,095 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:59:26,096 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:59:26,154 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:59:26,167 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., 
mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:59:26,168 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:59:26,204 INFO L276 IsEmpty]: Start isEmpty. Operand has 386 states, 306 states have (on average 1.565359477124183) internal successors, (479), 309 states have internal predecessors, (479), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (56), 55 states have call predecessors, (56), 56 states have call successors, (56) [2022-02-20 17:59:26,227 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 102 [2022-02-20 17:59:26,227 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:26,228 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:26,229 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:26,234 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:26,234 INFO L85 PathProgramCache]: Analyzing trace with hash 1457964568, now seen corresponding path program 1 times [2022-02-20 17:59:26,242 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:26,243 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [696797822] [2022-02-20 17:59:26,243 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:26,244 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms 
[2022-02-20 17:59:26,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:26,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,618 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,619 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,619 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {389#true} #1208#return; {389#true} is VALID [2022-02-20 17:59:26,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:26,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,636 INFO L290 TraceCheckUtils]: 0: Hoare triple {445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,637 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,637 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,637 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {389#true} #1210#return; {389#true} is VALID 
[2022-02-20 17:59:26,638 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:26,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {446#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:26,663 INFO L290 TraceCheckUtils]: 1: Hoare triple {446#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {447#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:26,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {447#(= |setClientId_#in~handle| 1)} assume true; {447#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:26,664 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {447#(= |setClientId_#in~handle| 1)} {399#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1212#return; {390#false} is VALID [2022-02-20 17:59:26,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:26,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,671 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume 
true; {389#true} is VALID [2022-02-20 17:59:26,672 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {390#false} #1214#return; {390#false} is VALID [2022-02-20 17:59:26,672 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:26,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,680 INFO L290 TraceCheckUtils]: 0: Hoare triple {444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,681 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,681 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {390#false} #1216#return; {390#false} is VALID [2022-02-20 17:59:26,682 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:26,692 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,700 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,702 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {389#true} {390#false} #1218#return; {390#false} is VALID [2022-02-20 17:59:26,711 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:59:26,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,725 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,725 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,725 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {390#false} #1166#return; {390#false} is VALID [2022-02-20 17:59:26,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:59:26,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {449#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,748 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,749 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {390#false} #1168#return; {390#false} is VALID [2022-02-20 17:59:26,750 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:59:26,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:59:26,755 INFO L290 TraceCheckUtils]: 0: Hoare triple {389#true} ~handle := #in~handle;havoc ~retValue_acc~35; {389#true} is VALID [2022-02-20 17:59:26,756 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {389#true} is VALID [2022-02-20 17:59:26,756 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,756 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {390#false} #1146#return; {390#false} is VALID [2022-02-20 17:59:26,757 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:59:26,759 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,763 INFO L290 TraceCheckUtils]: 0: Hoare triple {389#true} ~handle := #in~handle;havoc ~retValue_acc~29; {389#true} is VALID [2022-02-20 17:59:26,763 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {389#true} is VALID [2022-02-20 17:59:26,763 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,763 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {390#false} #1148#return; {390#false} is VALID [2022-02-20 17:59:26,764 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:59:26,768 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,772 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {389#true} is VALID [2022-02-20 
17:59:26,773 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,773 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {390#false} #1172#return; {390#false} is VALID [2022-02-20 17:59:26,774 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:59:26,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {389#true} ~handle := #in~handle;havoc ~retValue_acc~20; {389#true} is VALID [2022-02-20 17:59:26,785 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {389#true} is VALID [2022-02-20 17:59:26,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,788 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {390#false} #1174#return; {390#false} is VALID [2022-02-20 17:59:26,788 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:59:26,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,796 INFO L290 TraceCheckUtils]: 0: Hoare triple {389#true} ~handle := #in~handle;havoc ~retValue_acc~35; {389#true} is VALID [2022-02-20 17:59:26,796 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {389#true} is VALID [2022-02-20 17:59:26,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,797 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#true} {390#false} #1176#return; {390#false} is VALID [2022-02-20 17:59:26,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {389#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == 
#valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {389#true} is VALID [2022-02-20 17:59:26,804 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {389#true} is VALID [2022-02-20 17:59:26,804 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{389#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {389#true} is VALID [2022-02-20 17:59:26,805 INFO L290 TraceCheckUtils]: 3: Hoare triple {389#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {389#true} is VALID [2022-02-20 17:59:26,805 INFO L290 TraceCheckUtils]: 4: Hoare triple {389#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {389#true} is VALID [2022-02-20 17:59:26,805 INFO L290 TraceCheckUtils]: 5: Hoare triple {389#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {389#true} is VALID [2022-02-20 17:59:26,807 INFO L272 TraceCheckUtils]: 6: Hoare triple {389#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {444#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:26,807 INFO L290 TraceCheckUtils]: 7: Hoare triple {444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,807 INFO L290 TraceCheckUtils]: 8: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,807 INFO L290 TraceCheckUtils]: 9: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,807 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {389#true} {389#true} #1208#return; {389#true} is VALID [2022-02-20 17:59:26,808 INFO L290 TraceCheckUtils]: 11: Hoare triple {389#true} assume { :end_inline_setup_bob__wrappee__Base } true; {389#true} is VALID [2022-02-20 17:59:26,809 INFO L272 TraceCheckUtils]: 12: Hoare triple {389#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:26,809 INFO L290 TraceCheckUtils]: 13: Hoare triple {445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,809 INFO L290 TraceCheckUtils]: 14: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,809 INFO L290 
TraceCheckUtils]: 15: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,810 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {389#true} {389#true} #1210#return; {389#true} is VALID [2022-02-20 17:59:26,811 INFO L290 TraceCheckUtils]: 17: Hoare triple {389#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {399#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:26,812 INFO L272 TraceCheckUtils]: 18: Hoare triple {399#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:26,812 INFO L290 TraceCheckUtils]: 19: Hoare triple {444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {446#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:26,813 INFO L290 TraceCheckUtils]: 20: Hoare triple {446#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {447#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:26,813 INFO L290 
TraceCheckUtils]: 21: Hoare triple {447#(= |setClientId_#in~handle| 1)} assume true; {447#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:26,814 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {447#(= |setClientId_#in~handle| 1)} {399#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1212#return; {390#false} is VALID [2022-02-20 17:59:26,815 INFO L290 TraceCheckUtils]: 23: Hoare triple {390#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {390#false} is VALID [2022-02-20 17:59:26,815 INFO L272 TraceCheckUtils]: 24: Hoare triple {390#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:26,816 INFO L290 TraceCheckUtils]: 25: Hoare triple {445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,816 INFO L290 TraceCheckUtils]: 26: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,816 INFO L290 TraceCheckUtils]: 27: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,817 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {389#true} {390#false} #1214#return; {390#false} is VALID [2022-02-20 17:59:26,818 INFO L290 TraceCheckUtils]: 29: Hoare triple {390#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := 
setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {390#false} is VALID [2022-02-20 17:59:26,819 INFO L272 TraceCheckUtils]: 30: Hoare triple {390#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:26,819 INFO L290 TraceCheckUtils]: 31: Hoare triple {444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,820 INFO L290 TraceCheckUtils]: 32: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,820 INFO L290 TraceCheckUtils]: 33: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,820 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {389#true} {390#false} #1216#return; {390#false} is VALID [2022-02-20 17:59:26,820 INFO L290 TraceCheckUtils]: 35: Hoare triple {390#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {390#false} is VALID [2022-02-20 17:59:26,820 INFO L272 TraceCheckUtils]: 36: Hoare triple {390#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:26,821 
INFO L290 TraceCheckUtils]: 37: Hoare triple {445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,821 INFO L290 TraceCheckUtils]: 38: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,821 INFO L290 TraceCheckUtils]: 39: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,821 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {389#true} {390#false} #1218#return; {390#false} is VALID [2022-02-20 17:59:26,821 INFO L290 TraceCheckUtils]: 41: Hoare triple {390#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {390#false} is VALID [2022-02-20 17:59:26,822 INFO L290 TraceCheckUtils]: 42: Hoare triple {390#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {390#false} is VALID [2022-02-20 17:59:26,822 INFO L290 TraceCheckUtils]: 43: Hoare triple {390#false} assume false; {390#false} is VALID [2022-02-20 17:59:26,822 INFO L290 TraceCheckUtils]: 44: Hoare triple {390#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {390#false} is VALID [2022-02-20 17:59:26,823 INFO L272 TraceCheckUtils]: 45: Hoare triple {390#false} call sendEmail(~bob~0, ~rjh~0); {390#false} is VALID [2022-02-20 17:59:26,823 INFO L290 TraceCheckUtils]: 46: Hoare triple {390#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {390#false} is VALID [2022-02-20 17:59:26,823 INFO L272 TraceCheckUtils]: 47: Hoare 
triple {390#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:26,825 INFO L290 TraceCheckUtils]: 48: Hoare triple {448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,826 INFO L290 TraceCheckUtils]: 49: Hoare triple {389#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,826 INFO L290 TraceCheckUtils]: 50: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,826 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {389#true} {390#false} #1166#return; {390#false} is VALID [2022-02-20 17:59:26,827 INFO L272 TraceCheckUtils]: 52: Hoare triple {390#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {449#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:26,827 INFO L290 TraceCheckUtils]: 53: Hoare triple {449#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,827 INFO L290 TraceCheckUtils]: 54: Hoare triple {389#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,827 INFO L290 TraceCheckUtils]: 55: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,827 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {389#true} {390#false} #1168#return; {390#false} is VALID [2022-02-20 17:59:26,828 INFO L290 TraceCheckUtils]: 57: Hoare triple {390#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {390#false} is VALID [2022-02-20 17:59:26,828 INFO L290 
TraceCheckUtils]: 58: Hoare triple {390#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {390#false} is VALID [2022-02-20 17:59:26,830 INFO L272 TraceCheckUtils]: 59: Hoare triple {390#false} call outgoing(~sender#1, ~email~0#1); {390#false} is VALID [2022-02-20 17:59:26,830 INFO L290 TraceCheckUtils]: 60: Hoare triple {390#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {390#false} is VALID [2022-02-20 17:59:26,830 INFO L272 TraceCheckUtils]: 61: Hoare triple {390#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {389#true} is VALID [2022-02-20 17:59:26,830 INFO L290 TraceCheckUtils]: 62: Hoare triple {389#true} ~handle := #in~handle;havoc ~retValue_acc~35; {389#true} is VALID [2022-02-20 17:59:26,831 INFO L290 TraceCheckUtils]: 63: Hoare triple {389#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {389#true} is VALID [2022-02-20 17:59:26,831 INFO L290 TraceCheckUtils]: 64: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,831 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {389#true} {390#false} #1146#return; {390#false} is VALID [2022-02-20 17:59:26,831 INFO L290 TraceCheckUtils]: 66: Hoare triple {390#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {390#false} is VALID [2022-02-20 17:59:26,832 INFO L290 TraceCheckUtils]: 67: Hoare triple {390#false} assume 0 == sign_~privkey~0#1; {390#false} is VALID 
[2022-02-20 17:59:26,832 INFO L290 TraceCheckUtils]: 68: Hoare triple {390#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {390#false} is VALID [2022-02-20 17:59:26,832 INFO L272 TraceCheckUtils]: 69: Hoare triple {390#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {389#true} is VALID [2022-02-20 17:59:26,832 INFO L290 TraceCheckUtils]: 70: Hoare triple {389#true} ~handle := #in~handle;havoc ~retValue_acc~29; {389#true} is VALID [2022-02-20 17:59:26,832 INFO L290 TraceCheckUtils]: 71: Hoare triple {389#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := 
~retValue_acc~29; {389#true} is VALID [2022-02-20 17:59:26,833 INFO L290 TraceCheckUtils]: 72: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,833 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {389#true} {390#false} #1148#return; {390#false} is VALID [2022-02-20 17:59:26,833 INFO L290 TraceCheckUtils]: 74: Hoare triple {390#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {390#false} is VALID [2022-02-20 17:59:26,833 INFO L290 TraceCheckUtils]: 75: Hoare triple {390#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {390#false} is VALID [2022-02-20 17:59:26,834 INFO L272 TraceCheckUtils]: 76: Hoare triple {390#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {390#false} is VALID [2022-02-20 17:59:26,834 INFO L290 TraceCheckUtils]: 77: Hoare triple {390#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {390#false} is VALID [2022-02-20 17:59:26,834 INFO L290 TraceCheckUtils]: 78: Hoare triple {390#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {390#false} is VALID [2022-02-20 17:59:26,834 INFO L290 TraceCheckUtils]: 79: Hoare triple {390#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := 
#t~ret44#1;havoc #t~ret44#1; {390#false} is VALID [2022-02-20 17:59:26,835 INFO L272 TraceCheckUtils]: 80: Hoare triple {390#false} call setEmailFrom(~msg#1, ~tmp~7#1); {448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:26,835 INFO L290 TraceCheckUtils]: 81: Hoare triple {448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:26,835 INFO L290 TraceCheckUtils]: 82: Hoare triple {389#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:26,835 INFO L290 TraceCheckUtils]: 83: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,835 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {389#true} {390#false} #1172#return; {390#false} is VALID [2022-02-20 17:59:26,836 INFO L290 TraceCheckUtils]: 85: Hoare triple {390#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, 
__utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {390#false} is VALID [2022-02-20 17:59:26,836 INFO L272 TraceCheckUtils]: 86: Hoare triple {390#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {389#true} is VALID [2022-02-20 17:59:26,836 INFO L290 TraceCheckUtils]: 87: Hoare triple {389#true} ~handle := #in~handle;havoc ~retValue_acc~20; {389#true} is VALID [2022-02-20 17:59:26,836 INFO L290 TraceCheckUtils]: 88: Hoare triple {389#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {389#true} is VALID [2022-02-20 17:59:26,837 INFO L290 TraceCheckUtils]: 89: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,837 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {389#true} {390#false} #1174#return; {390#false} is VALID [2022-02-20 17:59:26,837 INFO L290 TraceCheckUtils]: 91: Hoare triple {390#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {390#false} is VALID [2022-02-20 17:59:26,837 INFO L290 TraceCheckUtils]: 92: Hoare triple {390#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {390#false} is VALID [2022-02-20 17:59:26,837 INFO L272 TraceCheckUtils]: 93: Hoare triple {390#false} call 
__utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {389#true} is VALID [2022-02-20 17:59:26,838 INFO L290 TraceCheckUtils]: 94: Hoare triple {389#true} ~handle := #in~handle;havoc ~retValue_acc~35; {389#true} is VALID [2022-02-20 17:59:26,838 INFO L290 TraceCheckUtils]: 95: Hoare triple {389#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {389#true} is VALID [2022-02-20 17:59:26,838 INFO L290 TraceCheckUtils]: 96: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:26,838 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {389#true} {390#false} #1176#return; {390#false} is VALID [2022-02-20 17:59:26,838 INFO L290 TraceCheckUtils]: 98: Hoare triple {390#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {390#false} is VALID [2022-02-20 17:59:26,839 INFO L290 TraceCheckUtils]: 99: Hoare triple {390#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {390#false} is VALID [2022-02-20 17:59:26,839 INFO L290 TraceCheckUtils]: 100: Hoare triple {390#false} assume !false; {390#false} is VALID [2022-02-20 17:59:26,840 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. 
[2022-02-20 17:59:26,840 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:26,841 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [696797822] [2022-02-20 17:59:26,841 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [696797822] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:26,842 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1533320905] [2022-02-20 17:59:26,842 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:26,842 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:26,842 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:26,844 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:26,873 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:59:27,186 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:27,192 INFO L263 TraceCheckSpWp]: Trace formula consists of 1038 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:59:27,255 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:27,265 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:59:27,542 INFO L290 TraceCheckUtils]: 0: Hoare triple {389#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 
0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {389#true} is VALID [2022-02-20 17:59:27,543 INFO L290 TraceCheckUtils]: 1: Hoare triple {389#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc 
main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {389#true} is VALID [2022-02-20 17:59:27,543 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {389#true} is VALID [2022-02-20 17:59:27,543 INFO L290 TraceCheckUtils]: 3: Hoare triple {389#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {389#true} is VALID [2022-02-20 17:59:27,544 INFO L290 TraceCheckUtils]: 4: Hoare triple {389#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {389#true} is VALID [2022-02-20 17:59:27,545 INFO L290 TraceCheckUtils]: 5: Hoare triple {389#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {389#true} is VALID 
[2022-02-20 17:59:27,545 INFO L272 TraceCheckUtils]: 6: Hoare triple {389#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {389#true} is VALID [2022-02-20 17:59:27,545 INFO L290 TraceCheckUtils]: 7: Hoare triple {389#true} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:27,545 INFO L290 TraceCheckUtils]: 8: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:27,546 INFO L290 TraceCheckUtils]: 9: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:27,546 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {389#true} {389#true} #1208#return; {389#true} is VALID [2022-02-20 17:59:27,546 INFO L290 TraceCheckUtils]: 11: Hoare triple {389#true} assume { :end_inline_setup_bob__wrappee__Base } true; {389#true} is VALID [2022-02-20 17:59:27,546 INFO L272 TraceCheckUtils]: 12: Hoare triple {389#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {389#true} is VALID [2022-02-20 17:59:27,547 INFO L290 TraceCheckUtils]: 13: Hoare triple {389#true} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:27,547 INFO L290 TraceCheckUtils]: 14: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:27,547 INFO L290 TraceCheckUtils]: 15: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:27,547 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {389#true} {389#true} #1210#return; {389#true} is VALID [2022-02-20 17:59:27,549 INFO L290 TraceCheckUtils]: 17: Hoare triple {389#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {389#true} is VALID [2022-02-20 17:59:27,550 INFO L272 TraceCheckUtils]: 18: Hoare triple {389#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {389#true} is VALID [2022-02-20 17:59:27,550 INFO L290 TraceCheckUtils]: 19: Hoare triple {389#true} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:27,550 INFO L290 TraceCheckUtils]: 20: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:27,550 INFO L290 TraceCheckUtils]: 21: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:27,551 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {389#true} {389#true} #1212#return; {389#true} is VALID [2022-02-20 17:59:27,551 INFO L290 TraceCheckUtils]: 23: Hoare triple {389#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {389#true} is VALID [2022-02-20 17:59:27,552 INFO L272 TraceCheckUtils]: 24: Hoare triple {389#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {389#true} is VALID [2022-02-20 17:59:27,553 INFO L290 TraceCheckUtils]: 25: Hoare triple {389#true} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:27,554 INFO L290 TraceCheckUtils]: 26: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:27,554 INFO L290 TraceCheckUtils]: 27: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:27,556 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {389#true} {389#true} #1214#return; {389#true} is VALID [2022-02-20 17:59:27,557 INFO L290 TraceCheckUtils]: 29: Hoare triple {389#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {389#true} is VALID [2022-02-20 17:59:27,557 INFO L272 TraceCheckUtils]: 30: Hoare triple {389#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {389#true} is VALID [2022-02-20 17:59:27,557 INFO L290 TraceCheckUtils]: 31: Hoare triple {389#true} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:27,557 INFO L290 TraceCheckUtils]: 32: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:27,558 INFO L290 TraceCheckUtils]: 33: Hoare triple {389#true} assume true; {389#true} is VALID [2022-02-20 17:59:27,558 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {389#true} {389#true} #1216#return; {389#true} is VALID [2022-02-20 17:59:27,558 INFO L290 TraceCheckUtils]: 35: Hoare triple {389#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {389#true} is VALID [2022-02-20 17:59:27,558 INFO L272 TraceCheckUtils]: 36: Hoare triple {389#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {389#true} is VALID [2022-02-20 17:59:27,558 INFO L290 TraceCheckUtils]: 37: Hoare triple {389#true} ~handle := #in~handle;~value := #in~value; {389#true} is VALID [2022-02-20 17:59:27,559 INFO L290 TraceCheckUtils]: 38: Hoare triple {389#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {389#true} is VALID [2022-02-20 17:59:27,559 INFO L290 TraceCheckUtils]: 39: Hoare triple {389#true} assume true; {389#true} 
is VALID [2022-02-20 17:59:27,559 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {389#true} {389#true} #1218#return; {389#true} is VALID [2022-02-20 17:59:27,559 INFO L290 TraceCheckUtils]: 41: Hoare triple {389#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {389#true} is VALID [2022-02-20 17:59:27,560 INFO L290 TraceCheckUtils]: 42: Hoare triple {389#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {389#true} is VALID [2022-02-20 17:59:27,560 INFO L290 TraceCheckUtils]: 43: Hoare 
triple {389#true} assume false; {390#false} is VALID [2022-02-20 17:59:27,564 INFO L290 TraceCheckUtils]: 44: Hoare triple {390#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {390#false} is VALID [2022-02-20 17:59:27,564 INFO L272 TraceCheckUtils]: 45: Hoare triple {390#false} call sendEmail(~bob~0, ~rjh~0); {390#false} is VALID [2022-02-20 17:59:27,565 INFO L290 TraceCheckUtils]: 46: Hoare triple {390#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {390#false} is VALID [2022-02-20 17:59:27,565 INFO L272 TraceCheckUtils]: 47: Hoare triple {390#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {390#false} is VALID [2022-02-20 17:59:27,565 INFO L290 TraceCheckUtils]: 48: Hoare triple {390#false} ~handle := #in~handle;~value := #in~value; {390#false} is VALID [2022-02-20 17:59:27,566 INFO L290 TraceCheckUtils]: 49: Hoare triple {390#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {390#false} is VALID [2022-02-20 17:59:27,566 INFO L290 TraceCheckUtils]: 50: Hoare triple {390#false} assume true; {390#false} is VALID [2022-02-20 17:59:27,566 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {390#false} {390#false} 
#1166#return; {390#false} is VALID [2022-02-20 17:59:27,566 INFO L272 TraceCheckUtils]: 52: Hoare triple {390#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {390#false} is VALID [2022-02-20 17:59:27,567 INFO L290 TraceCheckUtils]: 53: Hoare triple {390#false} ~handle := #in~handle;~value := #in~value; {390#false} is VALID [2022-02-20 17:59:27,567 INFO L290 TraceCheckUtils]: 54: Hoare triple {390#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {390#false} is VALID [2022-02-20 17:59:27,567 INFO L290 TraceCheckUtils]: 55: Hoare triple {390#false} assume true; {390#false} is VALID [2022-02-20 17:59:27,567 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {390#false} {390#false} #1168#return; {390#false} is VALID [2022-02-20 17:59:27,567 INFO L290 TraceCheckUtils]: 57: Hoare triple {390#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {390#false} is VALID [2022-02-20 17:59:27,568 INFO L290 TraceCheckUtils]: 58: Hoare triple {390#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {390#false} is VALID [2022-02-20 17:59:27,568 INFO L272 TraceCheckUtils]: 59: Hoare triple {390#false} call outgoing(~sender#1, ~email~0#1); {390#false} is VALID [2022-02-20 17:59:27,568 INFO L290 TraceCheckUtils]: 60: Hoare triple {390#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {390#false} is VALID [2022-02-20 17:59:27,568 INFO L272 TraceCheckUtils]: 61: Hoare triple {390#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {390#false} is VALID 
[2022-02-20 17:59:27,569 INFO L290 TraceCheckUtils]: 62: Hoare triple {390#false} ~handle := #in~handle;havoc ~retValue_acc~35; {390#false} is VALID [2022-02-20 17:59:27,569 INFO L290 TraceCheckUtils]: 63: Hoare triple {390#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {390#false} is VALID [2022-02-20 17:59:27,569 INFO L290 TraceCheckUtils]: 64: Hoare triple {390#false} assume true; {390#false} is VALID [2022-02-20 17:59:27,569 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {390#false} {390#false} #1146#return; {390#false} is VALID [2022-02-20 17:59:27,570 INFO L290 TraceCheckUtils]: 66: Hoare triple {390#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {390#false} is VALID [2022-02-20 17:59:27,570 INFO L290 TraceCheckUtils]: 67: Hoare triple {390#false} assume 0 == sign_~privkey~0#1; {390#false} is VALID [2022-02-20 17:59:27,570 INFO L290 TraceCheckUtils]: 68: Hoare triple {390#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {390#false} is VALID [2022-02-20 17:59:27,570 INFO L272 TraceCheckUtils]: 69: Hoare triple {390#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {390#false} is VALID [2022-02-20 17:59:27,570 INFO L290 TraceCheckUtils]: 70: Hoare triple {390#false} ~handle := #in~handle;havoc ~retValue_acc~29; {390#false} is VALID [2022-02-20 17:59:27,571 INFO L290 TraceCheckUtils]: 71: Hoare triple {390#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {390#false} is VALID [2022-02-20 17:59:27,571 INFO L290 TraceCheckUtils]: 72: Hoare triple {390#false} assume true; {390#false} is VALID [2022-02-20 17:59:27,571 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {390#false} {390#false} #1148#return; {390#false} is VALID [2022-02-20 17:59:27,572 INFO L290 TraceCheckUtils]: 74: Hoare triple {390#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {390#false} is VALID [2022-02-20 17:59:27,572 INFO L290 TraceCheckUtils]: 75: Hoare triple {390#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {390#false} is VALID [2022-02-20 17:59:27,572 INFO L272 TraceCheckUtils]: 76: Hoare triple {390#false} 
call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {390#false} is VALID [2022-02-20 17:59:27,573 INFO L290 TraceCheckUtils]: 77: Hoare triple {390#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {390#false} is VALID [2022-02-20 17:59:27,573 INFO L290 TraceCheckUtils]: 78: Hoare triple {390#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {390#false} is VALID [2022-02-20 17:59:27,573 INFO L290 TraceCheckUtils]: 79: Hoare triple {390#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {390#false} is VALID [2022-02-20 17:59:27,573 INFO L272 TraceCheckUtils]: 80: Hoare triple {390#false} call setEmailFrom(~msg#1, ~tmp~7#1); {390#false} is VALID [2022-02-20 17:59:27,573 INFO L290 TraceCheckUtils]: 81: Hoare triple {390#false} ~handle := #in~handle;~value := #in~value; {390#false} is VALID [2022-02-20 17:59:27,574 INFO L290 TraceCheckUtils]: 82: Hoare triple {390#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {390#false} is VALID [2022-02-20 17:59:27,574 INFO L290 TraceCheckUtils]: 83: Hoare triple {390#false} assume true; {390#false} is VALID [2022-02-20 17:59:27,574 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {390#false} {390#false} #1172#return; {390#false} is VALID [2022-02-20 17:59:27,574 INFO L290 TraceCheckUtils]: 85: Hoare triple {390#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, 
mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {390#false} is VALID [2022-02-20 17:59:27,579 INFO L272 TraceCheckUtils]: 86: Hoare triple {390#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {390#false} is VALID [2022-02-20 17:59:27,580 INFO L290 TraceCheckUtils]: 87: Hoare triple {390#false} ~handle := #in~handle;havoc ~retValue_acc~20; {390#false} is VALID [2022-02-20 17:59:27,581 INFO L290 TraceCheckUtils]: 88: Hoare triple {390#false} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {390#false} is VALID [2022-02-20 17:59:27,581 INFO L290 TraceCheckUtils]: 89: Hoare triple {390#false} 
assume true; {390#false} is VALID [2022-02-20 17:59:27,584 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {390#false} {390#false} #1174#return; {390#false} is VALID [2022-02-20 17:59:27,585 INFO L290 TraceCheckUtils]: 91: Hoare triple {390#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {390#false} is VALID [2022-02-20 17:59:27,585 INFO L290 TraceCheckUtils]: 92: Hoare triple {390#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {390#false} is VALID [2022-02-20 17:59:27,586 INFO L272 TraceCheckUtils]: 93: Hoare triple {390#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {390#false} is VALID [2022-02-20 17:59:27,586 INFO L290 TraceCheckUtils]: 94: Hoare triple {390#false} ~handle := #in~handle;havoc ~retValue_acc~35; {390#false} is VALID [2022-02-20 17:59:27,586 INFO L290 TraceCheckUtils]: 95: Hoare triple {390#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {390#false} is VALID [2022-02-20 17:59:27,588 INFO L290 TraceCheckUtils]: 96: Hoare triple {390#false} assume true; {390#false} is VALID [2022-02-20 17:59:27,588 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {390#false} {390#false} #1176#return; {390#false} is VALID [2022-02-20 17:59:27,592 INFO L290 TraceCheckUtils]: 98: Hoare triple {390#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {390#false} is VALID [2022-02-20 17:59:27,592 INFO L290 TraceCheckUtils]: 99: Hoare triple {390#false} assume 0 == 
__utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {390#false} is VALID [2022-02-20 17:59:27,592 INFO L290 TraceCheckUtils]: 100: Hoare triple {390#false} assume !false; {390#false} is VALID [2022-02-20 17:59:27,595 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:27,595 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:27,596 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1533320905] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:27,596 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:27,596 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:59:27,599 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [900366855] [2022-02-20 17:59:27,600 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:27,609 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 27.0) internal successors, (54), 2 states have internal predecessors, (54), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 101 [2022-02-20 17:59:27,611 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:59:27,615 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 27.0) internal successors, (54), 2 states have internal predecessors, (54), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:27,697 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:27,697 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:59:27,698 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:27,722 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:59:27,723 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:27,729 INFO L87 Difference]: Start difference. First operand has 386 states, 306 states have (on average 1.565359477124183) internal successors, (479), 309 states have internal predecessors, (479), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (56), 55 states have call predecessors, (56), 56 states have call successors, (56) Second operand has 2 states, 2 states have (on average 27.0) internal successors, (54), 2 states have internal predecessors, (54), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:28,113 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:59:28,114 INFO L93 Difference]: Finished difference Result 579 states and 872 transitions. [2022-02-20 17:59:28,114 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:59:28,114 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 27.0) internal successors, (54), 2 states have internal predecessors, (54), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 101 [2022-02-20 17:59:28,115 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:28,116 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 27.0) internal successors, (54), 2 states have internal predecessors, (54), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:28,138 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 872 transitions. [2022-02-20 17:59:28,138 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 27.0) internal successors, (54), 2 states have internal predecessors, (54), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:28,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 872 transitions. [2022-02-20 17:59:28,155 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 872 transitions. 
[2022-02-20 17:59:28,870 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 872 edges. 872 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:28,902 INFO L225 Difference]: With dead ends: 579 [2022-02-20 17:59:28,902 INFO L226 Difference]: Without dead ends: 379 [2022-02-20 17:59:28,907 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:28,910 INFO L933 BasicCegarLoop]: 587 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 587 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:28,911 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 587 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:28,927 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 379 states. [2022-02-20 17:59:28,957 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 379 to 379. [2022-02-20 17:59:28,957 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:28,960 INFO L82 GeneralOperation]: Start isEquivalent. First operand 379 states. 
Second operand has 379 states, 300 states have (on average 1.56) internal successors, (468), 302 states have internal predecessors, (468), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:59:28,963 INFO L74 IsIncluded]: Start isIncluded. First operand 379 states. Second operand has 379 states, 300 states have (on average 1.56) internal successors, (468), 302 states have internal predecessors, (468), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:59:28,965 INFO L87 Difference]: Start difference. First operand 379 states. Second operand has 379 states, 300 states have (on average 1.56) internal successors, (468), 302 states have internal predecessors, (468), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:59:28,989 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:28,989 INFO L93 Difference]: Finished difference Result 379 states and 579 transitions. [2022-02-20 17:59:28,989 INFO L276 IsEmpty]: Start isEmpty. Operand 379 states and 579 transitions. [2022-02-20 17:59:28,994 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:28,994 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:28,996 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 379 states, 300 states have (on average 1.56) internal successors, (468), 302 states have internal predecessors, (468), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) Second operand 379 states. [2022-02-20 17:59:28,997 INFO L87 Difference]: Start difference. First operand has 379 states, 300 states have (on average 1.56) internal successors, (468), 302 states have internal predecessors, (468), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) Second operand 379 states. [2022-02-20 17:59:29,018 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:29,018 INFO L93 Difference]: Finished difference Result 379 states and 579 transitions. [2022-02-20 17:59:29,018 INFO L276 IsEmpty]: Start isEmpty. Operand 379 states and 579 transitions. [2022-02-20 17:59:29,020 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:29,021 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:29,021 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:29,021 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:29,023 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 379 states, 300 states have (on average 1.56) internal successors, (468), 302 states have internal predecessors, (468), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:59:29,042 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 379 states to 379 states and 579 transitions. 
[2022-02-20 17:59:29,043 INFO L78 Accepts]: Start accepts. Automaton has 379 states and 579 transitions. Word has length 101 [2022-02-20 17:59:29,044 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:29,044 INFO L470 AbstractCegarLoop]: Abstraction has 379 states and 579 transitions. [2022-02-20 17:59:29,044 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 27.0) internal successors, (54), 2 states have internal predecessors, (54), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:29,045 INFO L276 IsEmpty]: Start isEmpty. Operand 379 states and 579 transitions. [2022-02-20 17:59:29,048 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2022-02-20 17:59:29,048 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:29,048 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:29,079 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 17:59:29,272 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:59:29,273 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:29,273 INFO L144 PredicateUnifier]: Initialized 
classic predicate unifier [2022-02-20 17:59:29,274 INFO L85 PathProgramCache]: Analyzing trace with hash 1896002271, now seen corresponding path program 1 times [2022-02-20 17:59:29,274 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:29,274 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1020581700] [2022-02-20 17:59:29,274 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:29,274 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:29,307 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,359 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:29,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,365 INFO L290 TraceCheckUtils]: 0: Hoare triple {2883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,367 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,387 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,387 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2828#true} #1208#return; {2828#true} is VALID [2022-02-20 17:59:29,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:29,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,398 INFO L290 TraceCheckUtils]: 0: Hoare triple {2884#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,399 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,399 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2828#true} #1210#return; {2828#true} is VALID [2022-02-20 17:59:29,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:29,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,418 INFO L290 TraceCheckUtils]: 0: Hoare triple {2883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2885#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {2885#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2886#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:29,419 INFO L290 TraceCheckUtils]: 2: Hoare triple {2886#(= |setClientId_#in~handle| 1)} assume true; {2886#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:29,420 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2886#(= |setClientId_#in~handle| 1)} {2838#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1212#return; {2829#false} is VALID [2022-02-20 17:59:29,420 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 
17:59:29,422 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,424 INFO L290 TraceCheckUtils]: 0: Hoare triple {2884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,425 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,425 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,425 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1214#return; {2829#false} is VALID [2022-02-20 17:59:29,425 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:29,427 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,430 INFO L290 TraceCheckUtils]: 0: Hoare triple {2883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,430 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,430 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,430 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1216#return; {2829#false} is VALID [2022-02-20 17:59:29,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:29,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:59:29,436 INFO L290 TraceCheckUtils]: 0: Hoare triple {2884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,436 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,437 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1218#return; {2829#false} is VALID [2022-02-20 17:59:29,445 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:59:29,447 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {2887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,450 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,450 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1166#return; {2829#false} is VALID [2022-02-20 17:59:29,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:59:29,460 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,465 INFO L290 TraceCheckUtils]: 0: Hoare triple {2888#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 
|old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,466 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,466 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,466 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1168#return; {2829#false} is VALID [2022-02-20 17:59:29,466 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:59:29,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,470 INFO L290 TraceCheckUtils]: 0: Hoare triple {2828#true} ~handle := #in~handle;havoc ~retValue_acc~35; {2828#true} is VALID [2022-02-20 17:59:29,470 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2828#true} is VALID [2022-02-20 17:59:29,471 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,471 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1146#return; {2829#false} is VALID [2022-02-20 17:59:29,471 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:59:29,473 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,486 INFO L290 TraceCheckUtils]: 0: Hoare triple {2828#true} ~handle := #in~handle;havoc ~retValue_acc~29; {2828#true} is VALID [2022-02-20 17:59:29,486 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {2828#true} is VALID [2022-02-20 17:59:29,486 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,487 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1148#return; {2829#false} is VALID [2022-02-20 17:59:29,487 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:59:29,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {2887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,492 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1172#return; {2829#false} is VALID [2022-02-20 17:59:29,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:59:29,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,496 INFO L290 TraceCheckUtils]: 0: Hoare triple {2828#true} ~handle := #in~handle;havoc ~retValue_acc~20; {2828#true} is VALID [2022-02-20 17:59:29,496 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {2828#true} is VALID [2022-02-20 17:59:29,496 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,496 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1174#return; {2829#false} is VALID [2022-02-20 17:59:29,497 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:59:29,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:59:29,502 INFO L290 TraceCheckUtils]: 0: Hoare triple {2828#true} ~handle := #in~handle;havoc ~retValue_acc~35; {2828#true} is VALID [2022-02-20 17:59:29,502 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2828#true} is VALID [2022-02-20 17:59:29,503 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,503 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2828#true} {2829#false} #1176#return; {2829#false} is VALID [2022-02-20 17:59:29,503 INFO L290 TraceCheckUtils]: 0: Hoare triple {2828#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call 
#Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, 
~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 
0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2828#true} is VALID [2022-02-20 17:59:29,503 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {2828#true} is VALID [2022-02-20 17:59:29,503 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2828#true} is VALID [2022-02-20 17:59:29,504 INFO L290 TraceCheckUtils]: 3: Hoare triple {2828#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {2828#true} is VALID [2022-02-20 17:59:29,504 INFO L290 TraceCheckUtils]: 4: Hoare triple {2828#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {2828#true} is VALID [2022-02-20 17:59:29,504 INFO L290 TraceCheckUtils]: 5: Hoare triple {2828#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2828#true} is VALID [2022-02-20 17:59:29,505 INFO L272 TraceCheckUtils]: 6: Hoare triple {2828#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:29,505 INFO L290 TraceCheckUtils]: 7: Hoare triple {2883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,505 INFO L290 TraceCheckUtils]: 8: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,505 INFO L290 TraceCheckUtils]: 9: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,506 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2828#true} {2828#true} #1208#return; {2828#true} is VALID [2022-02-20 17:59:29,506 INFO L290 TraceCheckUtils]: 11: Hoare triple {2828#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2828#true} is VALID [2022-02-20 17:59:29,506 INFO L272 TraceCheckUtils]: 12: Hoare triple {2828#true} call setClientPrivateKey(setup_bob_~bob___0#1, 
123); {2884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 13: Hoare triple {2884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 14: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 15: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,507 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2828#true} {2828#true} #1210#return; {2828#true} is VALID [2022-02-20 17:59:29,508 INFO L290 TraceCheckUtils]: 17: Hoare triple {2828#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2838#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:29,508 INFO L272 TraceCheckUtils]: 18: Hoare triple {2838#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:29,509 INFO L290 TraceCheckUtils]: 19: Hoare triple {2883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2885#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:29,514 INFO L290 TraceCheckUtils]: 20: Hoare triple {2885#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2886#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:29,515 INFO L290 TraceCheckUtils]: 21: Hoare triple {2886#(= |setClientId_#in~handle| 1)} assume true; {2886#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:29,515 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2886#(= |setClientId_#in~handle| 1)} {2838#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1212#return; {2829#false} is VALID [2022-02-20 17:59:29,516 INFO L290 TraceCheckUtils]: 23: Hoare triple {2829#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2829#false} is VALID [2022-02-20 17:59:29,516 INFO L272 TraceCheckUtils]: 24: Hoare triple {2829#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:29,516 INFO L290 TraceCheckUtils]: 25: Hoare triple {2884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2828#true} is 
VALID [2022-02-20 17:59:29,516 INFO L290 TraceCheckUtils]: 26: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,516 INFO L290 TraceCheckUtils]: 27: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,516 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2828#true} {2829#false} #1214#return; {2829#false} is VALID [2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 29: Hoare triple {2829#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2829#false} is VALID [2022-02-20 17:59:29,517 INFO L272 TraceCheckUtils]: 30: Hoare triple {2829#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 31: Hoare triple {2883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 32: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2828#true} is VALID 
[2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 33: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,518 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2828#true} {2829#false} #1216#return; {2829#false} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 35: Hoare triple {2829#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2829#false} is VALID [2022-02-20 17:59:29,518 INFO L272 TraceCheckUtils]: 36: Hoare triple {2829#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 37: Hoare triple {2884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 38: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 39: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,519 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2828#true} {2829#false} #1218#return; {2829#false} is VALID [2022-02-20 17:59:29,519 INFO L290 TraceCheckUtils]: 41: Hoare triple {2829#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {2829#false} is VALID [2022-02-20 17:59:29,519 INFO L290 TraceCheckUtils]: 42: Hoare triple {2829#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, 
test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2829#false} is VALID [2022-02-20 17:59:29,519 INFO L290 TraceCheckUtils]: 43: Hoare triple {2829#false} assume !false; {2829#false} is VALID [2022-02-20 17:59:29,519 INFO L290 TraceCheckUtils]: 44: Hoare triple {2829#false} assume !(test_~splverifierCounter~0#1 < 4); {2829#false} is VALID [2022-02-20 17:59:29,520 INFO L290 TraceCheckUtils]: 45: Hoare triple {2829#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 
:= puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {2829#false} is VALID [2022-02-20 17:59:29,520 INFO L272 TraceCheckUtils]: 46: Hoare triple {2829#false} call sendEmail(~bob~0, ~rjh~0); {2829#false} is VALID [2022-02-20 17:59:29,520 INFO L290 TraceCheckUtils]: 47: Hoare triple {2829#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2829#false} is VALID [2022-02-20 17:59:29,520 INFO L272 TraceCheckUtils]: 48: Hoare triple {2829#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:29,520 INFO L290 TraceCheckUtils]: 49: Hoare triple {2887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 50: Hoare triple {2828#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 51: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,521 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2828#true} {2829#false} #1166#return; {2829#false} is VALID [2022-02-20 17:59:29,521 INFO L272 TraceCheckUtils]: 53: Hoare triple {2829#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2888#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 54: Hoare triple {2888#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 55: Hoare triple {2828#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,522 INFO L290 TraceCheckUtils]: 56: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,522 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2828#true} {2829#false} #1168#return; {2829#false} is VALID [2022-02-20 17:59:29,522 INFO L290 TraceCheckUtils]: 58: Hoare triple {2829#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {2829#false} is VALID [2022-02-20 17:59:29,522 INFO L290 TraceCheckUtils]: 59: Hoare triple {2829#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {2829#false} is VALID [2022-02-20 17:59:29,523 INFO L272 TraceCheckUtils]: 60: Hoare triple {2829#false} call outgoing(~sender#1, ~email~0#1); {2829#false} is VALID [2022-02-20 17:59:29,523 INFO L290 TraceCheckUtils]: 61: Hoare triple {2829#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {2829#false} is VALID [2022-02-20 17:59:29,524 INFO L272 TraceCheckUtils]: 62: Hoare triple {2829#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {2828#true} is VALID 
[2022-02-20 17:59:29,524 INFO L290 TraceCheckUtils]: 63: Hoare triple {2828#true} ~handle := #in~handle;havoc ~retValue_acc~35; {2828#true} is VALID [2022-02-20 17:59:29,526 INFO L290 TraceCheckUtils]: 64: Hoare triple {2828#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2828#true} is VALID [2022-02-20 17:59:29,527 INFO L290 TraceCheckUtils]: 65: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,527 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2828#true} {2829#false} #1146#return; {2829#false} is VALID [2022-02-20 17:59:29,528 INFO L290 TraceCheckUtils]: 67: Hoare triple {2829#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {2829#false} is VALID [2022-02-20 17:59:29,528 INFO L290 TraceCheckUtils]: 68: Hoare triple {2829#false} assume 0 == sign_~privkey~0#1; {2829#false} is VALID [2022-02-20 17:59:29,528 INFO L290 TraceCheckUtils]: 69: Hoare triple {2829#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {2829#false} is VALID [2022-02-20 17:59:29,528 INFO L272 TraceCheckUtils]: 70: Hoare triple {2829#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2828#true} is VALID [2022-02-20 17:59:29,528 INFO L290 TraceCheckUtils]: 71: Hoare triple {2828#true} ~handle := #in~handle;havoc ~retValue_acc~29; {2828#true} is VALID [2022-02-20 17:59:29,528 INFO L290 TraceCheckUtils]: 72: Hoare triple {2828#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {2828#true} is VALID [2022-02-20 17:59:29,529 INFO L290 TraceCheckUtils]: 73: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,529 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2828#true} {2829#false} #1148#return; {2829#false} is VALID [2022-02-20 17:59:29,529 INFO L290 TraceCheckUtils]: 75: Hoare triple {2829#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {2829#false} is VALID [2022-02-20 17:59:29,529 INFO L290 TraceCheckUtils]: 76: Hoare triple {2829#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {2829#false} is VALID [2022-02-20 17:59:29,529 INFO L272 TraceCheckUtils]: 77: Hoare triple 
{2829#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2829#false} is VALID [2022-02-20 17:59:29,529 INFO L290 TraceCheckUtils]: 78: Hoare triple {2829#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {2829#false} is VALID [2022-02-20 17:59:29,530 INFO L290 TraceCheckUtils]: 79: Hoare triple {2829#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {2829#false} is VALID [2022-02-20 17:59:29,530 INFO L290 TraceCheckUtils]: 80: Hoare triple {2829#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {2829#false} is VALID [2022-02-20 17:59:29,530 INFO L272 TraceCheckUtils]: 81: Hoare triple {2829#false} call setEmailFrom(~msg#1, ~tmp~7#1); {2887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:29,531 INFO L290 TraceCheckUtils]: 82: Hoare triple {2887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:29,531 INFO L290 TraceCheckUtils]: 83: Hoare triple {2828#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:29,531 INFO L290 TraceCheckUtils]: 84: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,531 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {2828#true} {2829#false} #1172#return; {2829#false} is 
VALID [2022-02-20 17:59:29,531 INFO L290 TraceCheckUtils]: 86: Hoare triple {2829#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {2829#false} is VALID [2022-02-20 17:59:29,531 INFO L272 TraceCheckUtils]: 87: Hoare triple {2829#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {2828#true} is VALID [2022-02-20 17:59:29,532 INFO L290 TraceCheckUtils]: 88: Hoare triple {2828#true} ~handle := #in~handle;havoc ~retValue_acc~20; {2828#true} is VALID [2022-02-20 17:59:29,532 INFO L290 
TraceCheckUtils]: 89: Hoare triple {2828#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {2828#true} is VALID [2022-02-20 17:59:29,532 INFO L290 TraceCheckUtils]: 90: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,532 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2828#true} {2829#false} #1174#return; {2829#false} is VALID [2022-02-20 17:59:29,532 INFO L290 TraceCheckUtils]: 92: Hoare triple {2829#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {2829#false} is VALID [2022-02-20 17:59:29,532 INFO L290 TraceCheckUtils]: 93: Hoare triple {2829#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {2829#false} is VALID [2022-02-20 17:59:29,533 INFO L272 TraceCheckUtils]: 94: Hoare triple {2829#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {2828#true} is VALID [2022-02-20 17:59:29,533 INFO L290 TraceCheckUtils]: 95: Hoare triple {2828#true} ~handle := #in~handle;havoc ~retValue_acc~35; {2828#true} is VALID [2022-02-20 17:59:29,533 INFO L290 TraceCheckUtils]: 96: Hoare triple {2828#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2828#true} is VALID [2022-02-20 17:59:29,533 INFO L290 TraceCheckUtils]: 97: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:29,533 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {2828#true} {2829#false} #1176#return; {2829#false} is VALID [2022-02-20 17:59:29,533 INFO L290 TraceCheckUtils]: 99: Hoare triple {2829#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 
2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {2829#false} is VALID [2022-02-20 17:59:29,534 INFO L290 TraceCheckUtils]: 100: Hoare triple {2829#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {2829#false} is VALID [2022-02-20 17:59:29,534 INFO L290 TraceCheckUtils]: 101: Hoare triple {2829#false} assume !false; {2829#false} is VALID [2022-02-20 17:59:29,534 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 17:59:29,535 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:29,535 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1020581700] [2022-02-20 17:59:29,535 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1020581700] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:29,535 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1084000413] [2022-02-20 17:59:29,536 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:29,536 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:29,536 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:29,537 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:29,551 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for 
monitored process [2022-02-20 17:59:29,783 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,788 INFO L263 TraceCheckSpWp]: Trace formula consists of 1039 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:59:29,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,861 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:30,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {2828#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call 
write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 
0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 
0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2828#true} is VALID [2022-02-20 17:59:30,110 INFO L290 TraceCheckUtils]: 1: Hoare triple {2828#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {2828#true} is VALID [2022-02-20 17:59:30,111 INFO L290 TraceCheckUtils]: 2: Hoare triple {2828#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2828#true} is VALID [2022-02-20 17:59:30,111 INFO L290 TraceCheckUtils]: 3: Hoare triple {2828#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {2828#true} is VALID [2022-02-20 17:59:30,111 INFO L290 TraceCheckUtils]: 4: Hoare triple {2828#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {2828#true} is VALID [2022-02-20 17:59:30,111 INFO L290 TraceCheckUtils]: 5: Hoare triple {2828#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 
1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2828#true} is VALID [2022-02-20 17:59:30,111 INFO L272 TraceCheckUtils]: 6: Hoare triple {2828#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2828#true} is VALID [2022-02-20 17:59:30,111 INFO L290 TraceCheckUtils]: 7: Hoare triple {2828#true} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:30,112 INFO L290 TraceCheckUtils]: 8: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:30,112 INFO L290 TraceCheckUtils]: 9: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:30,112 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2828#true} {2828#true} #1208#return; {2828#true} is VALID [2022-02-20 17:59:30,112 INFO L290 TraceCheckUtils]: 11: Hoare triple {2828#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2828#true} is VALID [2022-02-20 17:59:30,112 INFO L272 TraceCheckUtils]: 12: Hoare triple {2828#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2828#true} is VALID [2022-02-20 17:59:30,112 INFO L290 TraceCheckUtils]: 13: Hoare triple {2828#true} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:30,112 INFO L290 TraceCheckUtils]: 14: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:30,113 INFO L290 TraceCheckUtils]: 15: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:30,113 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2828#true} {2828#true} 
#1210#return; {2828#true} is VALID [2022-02-20 17:59:30,113 INFO L290 TraceCheckUtils]: 17: Hoare triple {2828#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2828#true} is VALID [2022-02-20 17:59:30,113 INFO L272 TraceCheckUtils]: 18: Hoare triple {2828#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2828#true} is VALID [2022-02-20 17:59:30,113 INFO L290 TraceCheckUtils]: 19: Hoare triple {2828#true} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:30,113 INFO L290 TraceCheckUtils]: 20: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:30,113 INFO L290 TraceCheckUtils]: 21: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:30,114 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2828#true} {2828#true} #1212#return; {2828#true} is VALID [2022-02-20 17:59:30,114 INFO L290 TraceCheckUtils]: 23: Hoare triple {2828#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2828#true} is VALID [2022-02-20 17:59:30,114 INFO L272 TraceCheckUtils]: 24: Hoare triple {2828#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2828#true} is VALID [2022-02-20 17:59:30,114 INFO L290 TraceCheckUtils]: 25: Hoare triple {2828#true} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:30,114 INFO L290 TraceCheckUtils]: 26: Hoare triple {2828#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:30,114 INFO L290 TraceCheckUtils]: 27: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:30,114 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2828#true} {2828#true} #1214#return; {2828#true} is VALID [2022-02-20 17:59:30,115 INFO L290 TraceCheckUtils]: 29: Hoare triple {2828#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2828#true} is VALID [2022-02-20 17:59:30,115 INFO L272 TraceCheckUtils]: 30: Hoare triple {2828#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2828#true} is VALID [2022-02-20 17:59:30,115 INFO L290 TraceCheckUtils]: 31: Hoare triple {2828#true} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:30,115 INFO L290 TraceCheckUtils]: 32: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:30,115 INFO L290 TraceCheckUtils]: 33: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:30,115 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2828#true} {2828#true} #1216#return; {2828#true} is VALID [2022-02-20 17:59:30,116 INFO L290 TraceCheckUtils]: 35: Hoare triple {2828#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2828#true} is VALID [2022-02-20 17:59:30,116 INFO L272 TraceCheckUtils]: 36: Hoare triple {2828#true} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2828#true} is VALID [2022-02-20 17:59:30,116 INFO L290 TraceCheckUtils]: 37: Hoare triple {2828#true} ~handle := #in~handle;~value := #in~value; {2828#true} is VALID [2022-02-20 17:59:30,116 INFO L290 TraceCheckUtils]: 38: Hoare triple {2828#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2828#true} is VALID [2022-02-20 17:59:30,116 INFO L290 TraceCheckUtils]: 39: Hoare triple {2828#true} assume true; {2828#true} is VALID [2022-02-20 17:59:30,116 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2828#true} {2828#true} #1218#return; {2828#true} is VALID [2022-02-20 17:59:30,116 INFO L290 TraceCheckUtils]: 41: Hoare triple {2828#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {2828#true} is VALID [2022-02-20 17:59:30,117 INFO L290 TraceCheckUtils]: 42: Hoare triple {2828#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc 
test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3018#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:30,117 INFO L290 TraceCheckUtils]: 43: Hoare triple {3018#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3018#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:30,118 INFO L290 TraceCheckUtils]: 44: Hoare triple {3018#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2829#false} is VALID [2022-02-20 17:59:30,118 INFO L290 TraceCheckUtils]: 45: Hoare triple {2829#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {2829#false} is VALID [2022-02-20 17:59:30,118 INFO L272 TraceCheckUtils]: 46: Hoare triple {2829#false} call sendEmail(~bob~0, ~rjh~0); {2829#false} is VALID [2022-02-20 17:59:30,118 INFO L290 TraceCheckUtils]: 47: Hoare triple {2829#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := 
createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2829#false} is VALID [2022-02-20 17:59:30,118 INFO L272 TraceCheckUtils]: 48: Hoare triple {2829#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2829#false} is VALID [2022-02-20 17:59:30,119 INFO L290 TraceCheckUtils]: 49: Hoare triple {2829#false} ~handle := #in~handle;~value := #in~value; {2829#false} is VALID [2022-02-20 17:59:30,119 INFO L290 TraceCheckUtils]: 50: Hoare triple {2829#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2829#false} is VALID [2022-02-20 17:59:30,119 INFO L290 TraceCheckUtils]: 51: Hoare triple {2829#false} assume true; {2829#false} is VALID [2022-02-20 17:59:30,119 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2829#false} {2829#false} #1166#return; {2829#false} is VALID [2022-02-20 17:59:30,119 INFO L272 TraceCheckUtils]: 53: Hoare triple {2829#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2829#false} is VALID [2022-02-20 17:59:30,119 INFO L290 TraceCheckUtils]: 54: Hoare triple {2829#false} ~handle := #in~handle;~value := #in~value; {2829#false} is VALID [2022-02-20 17:59:30,120 INFO L290 TraceCheckUtils]: 55: Hoare triple {2829#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2829#false} is VALID [2022-02-20 17:59:30,120 INFO L290 TraceCheckUtils]: 56: Hoare triple {2829#false} assume true; {2829#false} is VALID [2022-02-20 17:59:30,120 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2829#false} {2829#false} #1168#return; {2829#false} is VALID [2022-02-20 17:59:30,120 INFO L290 TraceCheckUtils]: 58: Hoare triple {2829#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {2829#false} is VALID [2022-02-20 17:59:30,120 INFO L290 TraceCheckUtils]: 59: Hoare triple {2829#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume 
-2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {2829#false} is VALID [2022-02-20 17:59:30,120 INFO L272 TraceCheckUtils]: 60: Hoare triple {2829#false} call outgoing(~sender#1, ~email~0#1); {2829#false} is VALID [2022-02-20 17:59:30,120 INFO L290 TraceCheckUtils]: 61: Hoare triple {2829#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {2829#false} is VALID [2022-02-20 17:59:30,121 INFO L272 TraceCheckUtils]: 62: Hoare triple {2829#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {2829#false} is VALID [2022-02-20 17:59:30,121 INFO L290 TraceCheckUtils]: 63: Hoare triple {2829#false} ~handle := #in~handle;havoc ~retValue_acc~35; {2829#false} is VALID [2022-02-20 17:59:30,121 INFO L290 TraceCheckUtils]: 64: Hoare triple {2829#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2829#false} is VALID [2022-02-20 17:59:30,121 INFO L290 TraceCheckUtils]: 65: Hoare triple {2829#false} assume true; {2829#false} is VALID [2022-02-20 17:59:30,121 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2829#false} {2829#false} #1146#return; {2829#false} is VALID [2022-02-20 17:59:30,121 INFO L290 TraceCheckUtils]: 67: Hoare triple {2829#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {2829#false} is VALID [2022-02-20 17:59:30,122 INFO L290 TraceCheckUtils]: 68: Hoare triple {2829#false} assume 0 == sign_~privkey~0#1; {2829#false} is VALID [2022-02-20 17:59:30,122 INFO L290 TraceCheckUtils]: 69: Hoare triple {2829#false} assume { 
:end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {2829#false} is VALID [2022-02-20 17:59:30,122 INFO L272 TraceCheckUtils]: 70: Hoare triple {2829#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2829#false} is VALID [2022-02-20 17:59:30,122 INFO L290 TraceCheckUtils]: 71: Hoare triple {2829#false} ~handle := #in~handle;havoc ~retValue_acc~29; {2829#false} is VALID [2022-02-20 17:59:30,122 INFO L290 TraceCheckUtils]: 72: Hoare triple {2829#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {2829#false} is VALID [2022-02-20 17:59:30,122 INFO L290 
TraceCheckUtils]: 73: Hoare triple {2829#false} assume true; {2829#false} is VALID [2022-02-20 17:59:30,123 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2829#false} {2829#false} #1148#return; {2829#false} is VALID [2022-02-20 17:59:30,123 INFO L290 TraceCheckUtils]: 75: Hoare triple {2829#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {2829#false} is VALID [2022-02-20 17:59:30,123 INFO L290 TraceCheckUtils]: 76: Hoare triple {2829#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {2829#false} is VALID [2022-02-20 17:59:30,123 INFO L272 TraceCheckUtils]: 77: Hoare triple {2829#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2829#false} is VALID [2022-02-20 17:59:30,123 INFO L290 TraceCheckUtils]: 78: Hoare triple {2829#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {2829#false} is VALID [2022-02-20 17:59:30,123 INFO L290 TraceCheckUtils]: 79: Hoare triple {2829#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {2829#false} is VALID [2022-02-20 17:59:30,123 INFO L290 TraceCheckUtils]: 80: Hoare triple {2829#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {2829#false} is VALID 
[2022-02-20 17:59:30,124 INFO L272 TraceCheckUtils]: 81: Hoare triple {2829#false} call setEmailFrom(~msg#1, ~tmp~7#1); {2829#false} is VALID [2022-02-20 17:59:30,124 INFO L290 TraceCheckUtils]: 82: Hoare triple {2829#false} ~handle := #in~handle;~value := #in~value; {2829#false} is VALID [2022-02-20 17:59:30,124 INFO L290 TraceCheckUtils]: 83: Hoare triple {2829#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2829#false} is VALID [2022-02-20 17:59:30,124 INFO L290 TraceCheckUtils]: 84: Hoare triple {2829#false} assume true; {2829#false} is VALID [2022-02-20 17:59:30,124 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {2829#false} {2829#false} #1172#return; {2829#false} is VALID [2022-02-20 17:59:30,124 INFO L290 TraceCheckUtils]: 86: Hoare triple {2829#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc 
__utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {2829#false} is VALID [2022-02-20 17:59:30,125 INFO L272 TraceCheckUtils]: 87: Hoare triple {2829#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {2829#false} is VALID [2022-02-20 17:59:30,125 INFO L290 TraceCheckUtils]: 88: Hoare triple {2829#false} ~handle := #in~handle;havoc ~retValue_acc~20; {2829#false} is VALID [2022-02-20 17:59:30,125 INFO L290 TraceCheckUtils]: 89: Hoare triple {2829#false} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {2829#false} is VALID [2022-02-20 17:59:30,125 INFO L290 TraceCheckUtils]: 90: Hoare triple {2829#false} assume true; {2829#false} is VALID [2022-02-20 17:59:30,125 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2829#false} {2829#false} #1174#return; {2829#false} is VALID [2022-02-20 17:59:30,125 INFO L290 TraceCheckUtils]: 92: Hoare triple {2829#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {2829#false} is VALID [2022-02-20 17:59:30,126 INFO L290 TraceCheckUtils]: 93: Hoare triple {2829#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {2829#false} is VALID [2022-02-20 17:59:30,126 INFO L272 TraceCheckUtils]: 94: Hoare triple {2829#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {2829#false} is VALID [2022-02-20 17:59:30,126 INFO L290 TraceCheckUtils]: 95: Hoare triple {2829#false} ~handle := #in~handle;havoc ~retValue_acc~35; 
{2829#false} is VALID [2022-02-20 17:59:30,126 INFO L290 TraceCheckUtils]: 96: Hoare triple {2829#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2829#false} is VALID [2022-02-20 17:59:30,126 INFO L290 TraceCheckUtils]: 97: Hoare triple {2829#false} assume true; {2829#false} is VALID [2022-02-20 17:59:30,126 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {2829#false} {2829#false} #1176#return; {2829#false} is VALID [2022-02-20 17:59:30,126 INFO L290 TraceCheckUtils]: 99: Hoare triple {2829#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {2829#false} is VALID [2022-02-20 17:59:30,127 INFO L290 TraceCheckUtils]: 100: Hoare triple {2829#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {2829#false} is VALID [2022-02-20 17:59:30,127 INFO L290 TraceCheckUtils]: 101: Hoare triple {2829#false} assume !false; {2829#false} is VALID [2022-02-20 17:59:30,127 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:30,127 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:30,128 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1084000413] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:30,128 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:59:30,128 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:59:30,128 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1710441249] [2022-02-20 17:59:30,128 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:30,129 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.333333333333332) internal successors, (55), 3 states have internal predecessors, (55), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 102 [2022-02-20 17:59:30,130 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:30,130 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 18.333333333333332) internal successors, (55), 3 states have internal predecessors, (55), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:30,206 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:30,206 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:30,206 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:30,207 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 17:59:30,207 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:30,207 INFO L87 Difference]: Start difference. First operand 379 states and 579 transitions. Second operand has 3 states, 3 states have (on average 18.333333333333332) internal successors, (55), 3 states have internal predecessors, (55), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:30,800 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:30,800 INFO L93 Difference]: Finished difference Result 569 states and 850 transitions. [2022-02-20 17:59:30,801 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:30,801 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.333333333333332) internal successors, (55), 3 states have internal predecessors, (55), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 102 [2022-02-20 17:59:30,801 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:30,802 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.333333333333332) internal successors, (55), 3 states have internal predecessors, (55), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:30,812 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 850 transitions. 
[2022-02-20 17:59:30,813 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.333333333333332) internal successors, (55), 3 states have internal predecessors, (55), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:30,823 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 850 transitions. [2022-02-20 17:59:30,823 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 850 transitions. [2022-02-20 17:59:31,466 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 850 edges. 850 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:31,480 INFO L225 Difference]: With dead ends: 569 [2022-02-20 17:59:31,480 INFO L226 Difference]: Without dead ends: 382 [2022-02-20 17:59:31,481 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:31,482 INFO L933 BasicCegarLoop]: 577 mSDtfsCounter, 1 mSDsluCounter, 575 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1152 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:31,482 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1152 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:31,484 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 382 states. [2022-02-20 17:59:31,499 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 382 to 381. [2022-02-20 17:59:31,500 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:31,501 INFO L82 GeneralOperation]: Start isEquivalent. First operand 382 states. Second operand has 381 states, 302 states have (on average 1.5562913907284768) internal successors, (470), 304 states have internal predecessors, (470), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:59:31,502 INFO L74 IsIncluded]: Start isIncluded. First operand 382 states. Second operand has 381 states, 302 states have (on average 1.5562913907284768) internal successors, (470), 304 states have internal predecessors, (470), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:59:31,503 INFO L87 Difference]: Start difference. First operand 382 states. Second operand has 381 states, 302 states have (on average 1.5562913907284768) internal successors, (470), 304 states have internal predecessors, (470), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:59:31,521 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:59:31,521 INFO L93 Difference]: Finished difference Result 382 states and 582 transitions. [2022-02-20 17:59:31,521 INFO L276 IsEmpty]: Start isEmpty. Operand 382 states and 582 transitions. [2022-02-20 17:59:31,523 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:31,523 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:31,525 INFO L74 IsIncluded]: Start isIncluded. First operand has 381 states, 302 states have (on average 1.5562913907284768) internal successors, (470), 304 states have internal predecessors, (470), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) Second operand 382 states. [2022-02-20 17:59:31,526 INFO L87 Difference]: Start difference. First operand has 381 states, 302 states have (on average 1.5562913907284768) internal successors, (470), 304 states have internal predecessors, (470), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) Second operand 382 states. [2022-02-20 17:59:31,543 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:31,544 INFO L93 Difference]: Finished difference Result 382 states and 582 transitions. [2022-02-20 17:59:31,544 INFO L276 IsEmpty]: Start isEmpty. Operand 382 states and 582 transitions. [2022-02-20 17:59:31,545 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:31,546 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:31,546 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:31,546 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:31,547 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 381 states, 302 states have (on average 1.5562913907284768) internal successors, (470), 304 states have internal predecessors, (470), 56 states have call successors, (56), 22 states have call predecessors, (56), 22 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:59:31,566 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 381 states to 381 states and 581 transitions. [2022-02-20 17:59:31,566 INFO L78 Accepts]: Start accepts. Automaton has 381 states and 581 transitions. Word has length 102 [2022-02-20 17:59:31,566 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:31,567 INFO L470 AbstractCegarLoop]: Abstraction has 381 states and 581 transitions. [2022-02-20 17:59:31,567 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 18.333333333333332) internal successors, (55), 3 states have internal predecessors, (55), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:31,567 INFO L276 IsEmpty]: Start isEmpty. Operand 381 states and 581 transitions. [2022-02-20 17:59:31,569 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 109 [2022-02-20 17:59:31,569 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:31,569 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:31,588 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:31,775 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:59:31,776 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:31,776 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:31,776 INFO L85 PathProgramCache]: Analyzing trace with hash 2026309608, now seen corresponding path program 1 times [2022-02-20 17:59:31,776 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:31,776 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [686863853] [2022-02-20 17:59:31,776 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:31,777 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:31,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,874 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 6 [2022-02-20 17:59:31,876 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,880 INFO L290 TraceCheckUtils]: 0: Hoare triple {5319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,880 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,880 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,880 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5264#true} #1208#return; {5264#true} is VALID [2022-02-20 17:59:31,886 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:31,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,891 INFO L290 TraceCheckUtils]: 0: Hoare triple {5320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,891 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,891 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,891 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5264#true} #1210#return; {5264#true} is VALID [2022-02-20 17:59:31,892 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:31,894 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:59:31,908 INFO L290 TraceCheckUtils]: 0: Hoare triple {5319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5321#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,908 INFO L290 TraceCheckUtils]: 1: Hoare triple {5321#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5322#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,909 INFO L290 TraceCheckUtils]: 2: Hoare triple {5322#(= |setClientId_#in~handle| 1)} assume true; {5322#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,909 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5322#(= |setClientId_#in~handle| 1)} {5274#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1212#return; {5265#false} is VALID [2022-02-20 17:59:31,909 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:31,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {5320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,915 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,915 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,915 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1214#return; {5265#false} is VALID 
[2022-02-20 17:59:31,916 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:31,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,921 INFO L290 TraceCheckUtils]: 0: Hoare triple {5319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,921 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,921 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1216#return; {5265#false} is VALID [2022-02-20 17:59:31,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:31,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,926 INFO L290 TraceCheckUtils]: 0: Hoare triple {5320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,926 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,926 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,926 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1218#return; {5265#false} is VALID [2022-02-20 17:59:31,933 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 54 [2022-02-20 17:59:31,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,937 INFO L290 TraceCheckUtils]: 0: Hoare triple {5323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,937 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,937 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,937 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1166#return; {5265#false} is VALID [2022-02-20 17:59:31,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:59:31,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {5324#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,952 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,952 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,953 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1168#return; {5265#false} is VALID [2022-02-20 17:59:31,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:59:31,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {5264#true} ~handle := #in~handle;havoc ~retValue_acc~35; 
{5264#true} is VALID [2022-02-20 17:59:31,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5264#true} is VALID [2022-02-20 17:59:31,957 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,957 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1146#return; {5265#false} is VALID [2022-02-20 17:59:31,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:59:31,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,960 INFO L290 TraceCheckUtils]: 0: Hoare triple {5264#true} ~handle := #in~handle;havoc ~retValue_acc~29; {5264#true} is VALID [2022-02-20 17:59:31,960 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {5264#true} is VALID [2022-02-20 17:59:31,961 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,961 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1148#return; {5265#false} is VALID [2022-02-20 17:59:31,961 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:59:31,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,964 INFO L290 TraceCheckUtils]: 0: Hoare triple {5323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,964 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,964 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} 
is VALID [2022-02-20 17:59:31,964 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1172#return; {5265#false} is VALID [2022-02-20 17:59:31,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:59:31,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {5264#true} ~handle := #in~handle;havoc ~retValue_acc~20; {5264#true} is VALID [2022-02-20 17:59:31,968 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {5264#true} is VALID [2022-02-20 17:59:31,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,969 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1174#return; {5265#false} is VALID [2022-02-20 17:59:31,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:59:31,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {5264#true} ~handle := #in~handle;havoc ~retValue_acc~35; {5264#true} is VALID [2022-02-20 17:59:31,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5264#true} is VALID [2022-02-20 17:59:31,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,973 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5264#true} {5265#false} #1176#return; {5265#false} is VALID [2022-02-20 17:59:31,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {5264#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call 
write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 
0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 
0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5264#true} is VALID [2022-02-20 17:59:31,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {5264#true} is VALID [2022-02-20 17:59:31,974 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume { :end_inline_select_helpers } true;assume { 
:begin_inline_select_features } true; {5264#true} is VALID [2022-02-20 17:59:31,974 INFO L290 TraceCheckUtils]: 3: Hoare triple {5264#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {5264#true} is VALID [2022-02-20 17:59:31,974 INFO L290 TraceCheckUtils]: 4: Hoare triple {5264#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {5264#true} is VALID [2022-02-20 17:59:31,974 INFO L290 TraceCheckUtils]: 5: Hoare triple {5264#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5264#true} is VALID [2022-02-20 17:59:31,975 INFO L272 TraceCheckUtils]: 6: Hoare triple {5264#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5319#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,975 INFO L290 TraceCheckUtils]: 7: Hoare triple {5319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,975 INFO L290 TraceCheckUtils]: 8: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,975 INFO L290 TraceCheckUtils]: 9: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,976 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5264#true} {5264#true} #1208#return; {5264#true} is VALID [2022-02-20 17:59:31,976 INFO L290 TraceCheckUtils]: 11: Hoare triple {5264#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5264#true} is VALID [2022-02-20 17:59:31,976 INFO L272 TraceCheckUtils]: 12: Hoare triple {5264#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:31,977 INFO L290 TraceCheckUtils]: 13: Hoare triple {5320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,977 INFO L290 TraceCheckUtils]: 14: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,977 INFO L290 TraceCheckUtils]: 15: 
Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,977 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5264#true} {5264#true} #1210#return; {5264#true} is VALID [2022-02-20 17:59:31,978 INFO L290 TraceCheckUtils]: 17: Hoare triple {5264#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5274#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:31,978 INFO L272 TraceCheckUtils]: 18: Hoare triple {5274#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,979 INFO L290 TraceCheckUtils]: 19: Hoare triple {5319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5321#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,979 INFO L290 TraceCheckUtils]: 20: Hoare triple {5321#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5322#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,979 INFO L290 TraceCheckUtils]: 21: 
Hoare triple {5322#(= |setClientId_#in~handle| 1)} assume true; {5322#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,980 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5322#(= |setClientId_#in~handle| 1)} {5274#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1212#return; {5265#false} is VALID [2022-02-20 17:59:31,980 INFO L290 TraceCheckUtils]: 23: Hoare triple {5265#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5265#false} is VALID [2022-02-20 17:59:31,980 INFO L272 TraceCheckUtils]: 24: Hoare triple {5265#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:31,980 INFO L290 TraceCheckUtils]: 25: Hoare triple {5320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,981 INFO L290 TraceCheckUtils]: 26: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,981 INFO L290 TraceCheckUtils]: 27: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,981 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5264#true} {5265#false} #1214#return; {5265#false} is VALID [2022-02-20 17:59:31,981 INFO L290 TraceCheckUtils]: 29: Hoare triple {5265#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := 
setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5265#false} is VALID [2022-02-20 17:59:31,981 INFO L272 TraceCheckUtils]: 30: Hoare triple {5265#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,981 INFO L290 TraceCheckUtils]: 31: Hoare triple {5319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,982 INFO L290 TraceCheckUtils]: 32: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,982 INFO L290 TraceCheckUtils]: 33: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,982 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5264#true} {5265#false} #1216#return; {5265#false} is VALID [2022-02-20 17:59:31,982 INFO L290 TraceCheckUtils]: 35: Hoare triple {5265#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5265#false} is VALID [2022-02-20 17:59:31,982 INFO L272 TraceCheckUtils]: 36: Hoare triple {5265#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 
17:59:31,982 INFO L290 TraceCheckUtils]: 37: Hoare triple {5320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,983 INFO L290 TraceCheckUtils]: 38: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,983 INFO L290 TraceCheckUtils]: 39: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,983 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5264#true} {5265#false} #1218#return; {5265#false} is VALID [2022-02-20 17:59:31,983 INFO L290 TraceCheckUtils]: 41: Hoare triple {5265#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {5265#false} is VALID [2022-02-20 17:59:31,983 INFO L290 TraceCheckUtils]: 42: Hoare triple {5265#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5265#false} is VALID [2022-02-20 17:59:31,983 INFO L290 TraceCheckUtils]: 43: Hoare triple {5265#false} assume !false; {5265#false} is VALID [2022-02-20 17:59:31,984 INFO L290 TraceCheckUtils]: 44: Hoare triple {5265#false} assume test_~splverifierCounter~0#1 < 4; {5265#false} is VALID [2022-02-20 17:59:31,984 INFO L290 TraceCheckUtils]: 45: Hoare triple {5265#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5265#false} is VALID [2022-02-20 17:59:31,984 INFO L290 TraceCheckUtils]: 46: Hoare triple {5265#false} assume !(0 == test_~op1~0#1); {5265#false} is VALID [2022-02-20 17:59:31,984 INFO L290 TraceCheckUtils]: 47: Hoare triple {5265#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {5265#false} is VALID [2022-02-20 17:59:31,984 INFO L290 TraceCheckUtils]: 48: Hoare triple {5265#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5265#false} is VALID [2022-02-20 17:59:31,984 INFO L290 TraceCheckUtils]: 49: Hoare triple {5265#false} assume !false; {5265#false} is VALID [2022-02-20 17:59:31,985 INFO L290 TraceCheckUtils]: 50: Hoare triple {5265#false} assume !(test_~splverifierCounter~0#1 < 4); {5265#false} is VALID [2022-02-20 17:59:31,985 INFO L290 TraceCheckUtils]: 51: Hoare triple {5265#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, 
bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {5265#false} is VALID [2022-02-20 17:59:31,985 INFO L272 TraceCheckUtils]: 52: Hoare triple {5265#false} call sendEmail(~bob~0, ~rjh~0); {5265#false} is VALID [2022-02-20 17:59:31,985 INFO L290 TraceCheckUtils]: 53: Hoare triple {5265#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5265#false} is VALID [2022-02-20 17:59:31,985 INFO L272 TraceCheckUtils]: 54: Hoare triple {5265#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:31,985 INFO L290 TraceCheckUtils]: 55: Hoare triple {5323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,986 INFO L290 TraceCheckUtils]: 56: Hoare triple {5264#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,986 INFO L290 TraceCheckUtils]: 57: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,986 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5264#true} {5265#false} 
#1166#return; {5265#false} is VALID [2022-02-20 17:59:31,986 INFO L272 TraceCheckUtils]: 59: Hoare triple {5265#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5324#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:31,986 INFO L290 TraceCheckUtils]: 60: Hoare triple {5324#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,986 INFO L290 TraceCheckUtils]: 61: Hoare triple {5264#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,986 INFO L290 TraceCheckUtils]: 62: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,987 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {5264#true} {5265#false} #1168#return; {5265#false} is VALID [2022-02-20 17:59:31,987 INFO L290 TraceCheckUtils]: 64: Hoare triple {5265#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {5265#false} is VALID [2022-02-20 17:59:31,987 INFO L290 TraceCheckUtils]: 65: Hoare triple {5265#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {5265#false} is VALID [2022-02-20 17:59:31,987 INFO L272 TraceCheckUtils]: 66: Hoare triple {5265#false} call outgoing(~sender#1, ~email~0#1); {5265#false} is VALID [2022-02-20 17:59:31,987 INFO L290 TraceCheckUtils]: 67: Hoare triple {5265#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc 
sign_~privkey~0#1;havoc sign_~tmp~12#1; {5265#false} is VALID [2022-02-20 17:59:31,987 INFO L272 TraceCheckUtils]: 68: Hoare triple {5265#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {5264#true} is VALID [2022-02-20 17:59:31,988 INFO L290 TraceCheckUtils]: 69: Hoare triple {5264#true} ~handle := #in~handle;havoc ~retValue_acc~35; {5264#true} is VALID [2022-02-20 17:59:31,988 INFO L290 TraceCheckUtils]: 70: Hoare triple {5264#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5264#true} is VALID [2022-02-20 17:59:31,988 INFO L290 TraceCheckUtils]: 71: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,988 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {5264#true} {5265#false} #1146#return; {5265#false} is VALID [2022-02-20 17:59:31,988 INFO L290 TraceCheckUtils]: 73: Hoare triple {5265#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {5265#false} is VALID [2022-02-20 17:59:31,988 INFO L290 TraceCheckUtils]: 74: Hoare triple {5265#false} assume 0 == sign_~privkey~0#1; {5265#false} is VALID [2022-02-20 17:59:31,989 INFO L290 TraceCheckUtils]: 75: Hoare triple {5265#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, 
outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {5265#false} is VALID [2022-02-20 17:59:31,989 INFO L272 TraceCheckUtils]: 76: Hoare triple {5265#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5264#true} is VALID [2022-02-20 17:59:31,989 INFO L290 TraceCheckUtils]: 77: Hoare triple {5264#true} ~handle := #in~handle;havoc ~retValue_acc~29; {5264#true} is VALID [2022-02-20 17:59:31,989 INFO L290 TraceCheckUtils]: 78: Hoare triple {5264#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {5264#true} is VALID [2022-02-20 17:59:31,989 INFO L290 TraceCheckUtils]: 79: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,989 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5264#true} {5265#false} #1148#return; {5265#false} is VALID [2022-02-20 17:59:31,989 INFO L290 TraceCheckUtils]: 81: Hoare triple {5265#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {5265#false} is VALID [2022-02-20 
17:59:31,990 INFO L290 TraceCheckUtils]: 82: Hoare triple {5265#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5265#false} is VALID [2022-02-20 17:59:31,990 INFO L272 TraceCheckUtils]: 83: Hoare triple {5265#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5265#false} is VALID [2022-02-20 17:59:31,990 INFO L290 TraceCheckUtils]: 84: Hoare triple {5265#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {5265#false} is VALID [2022-02-20 17:59:31,990 INFO L290 TraceCheckUtils]: 85: Hoare triple {5265#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {5265#false} is VALID [2022-02-20 17:59:31,990 INFO L290 TraceCheckUtils]: 86: Hoare triple {5265#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {5265#false} is VALID [2022-02-20 17:59:31,991 INFO L272 TraceCheckUtils]: 87: Hoare triple {5265#false} call setEmailFrom(~msg#1, ~tmp~7#1); {5323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:31,991 INFO L290 TraceCheckUtils]: 88: Hoare triple {5323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:31,991 INFO L290 TraceCheckUtils]: 89: Hoare triple {5264#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:31,991 
INFO L290 TraceCheckUtils]: 90: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,991 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {5264#true} {5265#false} #1172#return; {5265#false} is VALID [2022-02-20 17:59:31,991 INFO L290 TraceCheckUtils]: 92: Hoare triple {5265#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {5265#false} is VALID [2022-02-20 17:59:31,992 INFO L272 TraceCheckUtils]: 93: Hoare triple {5265#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := 
isSigned(__utac_acc__SignForward_spec__1_~msg#1); {5264#true} is VALID [2022-02-20 17:59:31,992 INFO L290 TraceCheckUtils]: 94: Hoare triple {5264#true} ~handle := #in~handle;havoc ~retValue_acc~20; {5264#true} is VALID [2022-02-20 17:59:31,992 INFO L290 TraceCheckUtils]: 95: Hoare triple {5264#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {5264#true} is VALID [2022-02-20 17:59:31,992 INFO L290 TraceCheckUtils]: 96: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,992 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5264#true} {5265#false} #1174#return; {5265#false} is VALID [2022-02-20 17:59:31,992 INFO L290 TraceCheckUtils]: 98: Hoare triple {5265#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {5265#false} is VALID [2022-02-20 17:59:31,993 INFO L290 TraceCheckUtils]: 99: Hoare triple {5265#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {5265#false} is VALID [2022-02-20 17:59:31,993 INFO L272 TraceCheckUtils]: 100: Hoare triple {5265#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {5264#true} is VALID [2022-02-20 17:59:31,993 INFO L290 TraceCheckUtils]: 101: Hoare triple {5264#true} ~handle := #in~handle;havoc ~retValue_acc~35; {5264#true} is VALID [2022-02-20 17:59:31,993 INFO L290 TraceCheckUtils]: 102: Hoare triple {5264#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5264#true} is VALID [2022-02-20 17:59:31,993 INFO L290 TraceCheckUtils]: 103: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:31,993 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {5264#true} {5265#false} #1176#return; 
{5265#false} is VALID [2022-02-20 17:59:31,993 INFO L290 TraceCheckUtils]: 105: Hoare triple {5265#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {5265#false} is VALID [2022-02-20 17:59:31,994 INFO L290 TraceCheckUtils]: 106: Hoare triple {5265#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {5265#false} is VALID [2022-02-20 17:59:31,994 INFO L290 TraceCheckUtils]: 107: Hoare triple {5265#false} assume !false; {5265#false} is VALID [2022-02-20 17:59:31,994 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:31,994 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:31,995 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [686863853] [2022-02-20 17:59:31,995 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [686863853] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:31,995 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1337734137] [2022-02-20 17:59:31,995 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:31,995 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:31,996 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:31,997 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is 
(exit), workingDir is null) [2022-02-20 17:59:32,024 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:59:32,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:32,251 INFO L263 TraceCheckSpWp]: Trace formula consists of 1053 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:59:32,297 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:32,299 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:32,547 INFO L290 TraceCheckUtils]: 0: Hoare triple {5264#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call 
#Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, 
~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 
0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5264#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {5264#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {5264#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 2: Hoare triple {5264#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5264#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 3: Hoare triple {5264#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {5264#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 4: Hoare triple {5264#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {5264#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 5: Hoare triple {5264#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5264#true} is VALID [2022-02-20 17:59:32,548 INFO L272 TraceCheckUtils]: 6: Hoare triple {5264#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5264#true} is VALID [2022-02-20 17:59:32,549 INFO L290 TraceCheckUtils]: 7: Hoare triple {5264#true} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:32,549 INFO L290 TraceCheckUtils]: 8: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:32,549 INFO L290 TraceCheckUtils]: 9: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:32,549 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5264#true} {5264#true} #1208#return; {5264#true} is VALID [2022-02-20 17:59:32,549 INFO L290 TraceCheckUtils]: 11: Hoare triple {5264#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5264#true} is VALID [2022-02-20 17:59:32,549 INFO L272 TraceCheckUtils]: 12: Hoare triple {5264#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5264#true} is VALID [2022-02-20 17:59:32,550 INFO L290 TraceCheckUtils]: 13: Hoare triple {5264#true} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:32,550 INFO L290 TraceCheckUtils]: 14: Hoare triple {5264#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:32,550 INFO L290 TraceCheckUtils]: 15: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:32,550 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5264#true} {5264#true} #1210#return; {5264#true} is VALID [2022-02-20 17:59:32,550 INFO L290 TraceCheckUtils]: 17: Hoare triple {5264#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5264#true} is VALID [2022-02-20 17:59:32,551 INFO L272 TraceCheckUtils]: 18: Hoare triple {5264#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5264#true} is VALID [2022-02-20 17:59:32,551 INFO L290 TraceCheckUtils]: 19: Hoare triple {5264#true} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:32,551 INFO L290 TraceCheckUtils]: 20: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:32,551 INFO L290 TraceCheckUtils]: 21: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:32,551 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5264#true} {5264#true} #1212#return; {5264#true} is VALID [2022-02-20 17:59:32,551 INFO L290 TraceCheckUtils]: 23: Hoare triple {5264#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5264#true} is VALID [2022-02-20 17:59:32,552 INFO L272 TraceCheckUtils]: 24: Hoare triple {5264#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); 
{5264#true} is VALID [2022-02-20 17:59:32,552 INFO L290 TraceCheckUtils]: 25: Hoare triple {5264#true} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:32,552 INFO L290 TraceCheckUtils]: 26: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:32,552 INFO L290 TraceCheckUtils]: 27: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:32,552 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5264#true} {5264#true} #1214#return; {5264#true} is VALID [2022-02-20 17:59:32,552 INFO L290 TraceCheckUtils]: 29: Hoare triple {5264#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5264#true} is VALID [2022-02-20 17:59:32,553 INFO L272 TraceCheckUtils]: 30: Hoare triple {5264#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5264#true} is VALID [2022-02-20 17:59:32,553 INFO L290 TraceCheckUtils]: 31: Hoare triple {5264#true} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:32,553 INFO L290 TraceCheckUtils]: 32: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:32,553 INFO L290 TraceCheckUtils]: 33: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:32,553 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5264#true} {5264#true} #1216#return; 
{5264#true} is VALID [2022-02-20 17:59:32,553 INFO L290 TraceCheckUtils]: 35: Hoare triple {5264#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5264#true} is VALID [2022-02-20 17:59:32,554 INFO L272 TraceCheckUtils]: 36: Hoare triple {5264#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5264#true} is VALID [2022-02-20 17:59:32,554 INFO L290 TraceCheckUtils]: 37: Hoare triple {5264#true} ~handle := #in~handle;~value := #in~value; {5264#true} is VALID [2022-02-20 17:59:32,554 INFO L290 TraceCheckUtils]: 38: Hoare triple {5264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5264#true} is VALID [2022-02-20 17:59:32,554 INFO L290 TraceCheckUtils]: 39: Hoare triple {5264#true} assume true; {5264#true} is VALID [2022-02-20 17:59:32,554 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5264#true} {5264#true} #1218#return; {5264#true} is VALID [2022-02-20 17:59:32,554 INFO L290 TraceCheckUtils]: 41: Hoare triple {5264#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {5264#true} is VALID [2022-02-20 17:59:32,555 INFO L290 TraceCheckUtils]: 42: Hoare triple {5264#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc 
test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5454#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:32,555 INFO L290 TraceCheckUtils]: 43: Hoare triple {5454#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5454#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:32,556 INFO L290 TraceCheckUtils]: 44: Hoare triple {5454#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5454#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:32,556 INFO L290 TraceCheckUtils]: 45: Hoare triple {5454#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5454#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:32,557 INFO L290 TraceCheckUtils]: 46: Hoare triple {5454#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5265#false} is VALID [2022-02-20 17:59:32,557 INFO L290 TraceCheckUtils]: 47: Hoare triple {5265#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {5265#false} is VALID [2022-02-20 17:59:32,557 INFO L290 TraceCheckUtils]: 48: Hoare triple {5265#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5265#false} is VALID [2022-02-20 17:59:32,557 INFO L290 
TraceCheckUtils]: 49: Hoare triple {5265#false} assume !false; {5265#false} is VALID [2022-02-20 17:59:32,557 INFO L290 TraceCheckUtils]: 50: Hoare triple {5265#false} assume !(test_~splverifierCounter~0#1 < 4); {5265#false} is VALID [2022-02-20 17:59:32,558 INFO L290 TraceCheckUtils]: 51: Hoare triple {5265#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {5265#false} is VALID [2022-02-20 17:59:32,558 INFO L272 TraceCheckUtils]: 52: Hoare triple {5265#false} call sendEmail(~bob~0, ~rjh~0); {5265#false} is VALID [2022-02-20 17:59:32,558 INFO L290 TraceCheckUtils]: 53: Hoare triple {5265#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5265#false} is VALID [2022-02-20 17:59:32,558 INFO L272 TraceCheckUtils]: 54: Hoare triple {5265#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5265#false} is VALID [2022-02-20 17:59:32,558 INFO L290 TraceCheckUtils]: 55: Hoare triple {5265#false} ~handle := #in~handle;~value := #in~value; {5265#false} is VALID [2022-02-20 17:59:32,558 INFO L290 TraceCheckUtils]: 56: Hoare triple {5265#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5265#false} is VALID [2022-02-20 17:59:32,559 INFO 
L290 TraceCheckUtils]: 57: Hoare triple {5265#false} assume true; {5265#false} is VALID [2022-02-20 17:59:32,559 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5265#false} {5265#false} #1166#return; {5265#false} is VALID [2022-02-20 17:59:32,559 INFO L272 TraceCheckUtils]: 59: Hoare triple {5265#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5265#false} is VALID [2022-02-20 17:59:32,559 INFO L290 TraceCheckUtils]: 60: Hoare triple {5265#false} ~handle := #in~handle;~value := #in~value; {5265#false} is VALID [2022-02-20 17:59:32,559 INFO L290 TraceCheckUtils]: 61: Hoare triple {5265#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5265#false} is VALID [2022-02-20 17:59:32,559 INFO L290 TraceCheckUtils]: 62: Hoare triple {5265#false} assume true; {5265#false} is VALID [2022-02-20 17:59:32,560 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {5265#false} {5265#false} #1168#return; {5265#false} is VALID [2022-02-20 17:59:32,560 INFO L290 TraceCheckUtils]: 64: Hoare triple {5265#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {5265#false} is VALID [2022-02-20 17:59:32,560 INFO L290 TraceCheckUtils]: 65: Hoare triple {5265#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {5265#false} is VALID [2022-02-20 17:59:32,560 INFO L272 TraceCheckUtils]: 66: Hoare triple {5265#false} call outgoing(~sender#1, ~email~0#1); {5265#false} is VALID [2022-02-20 17:59:32,560 INFO L290 TraceCheckUtils]: 67: Hoare triple {5265#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc 
sign_~privkey~0#1;havoc sign_~tmp~12#1; {5265#false} is VALID [2022-02-20 17:59:32,560 INFO L272 TraceCheckUtils]: 68: Hoare triple {5265#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {5265#false} is VALID [2022-02-20 17:59:32,561 INFO L290 TraceCheckUtils]: 69: Hoare triple {5265#false} ~handle := #in~handle;havoc ~retValue_acc~35; {5265#false} is VALID [2022-02-20 17:59:32,561 INFO L290 TraceCheckUtils]: 70: Hoare triple {5265#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5265#false} is VALID [2022-02-20 17:59:32,561 INFO L290 TraceCheckUtils]: 71: Hoare triple {5265#false} assume true; {5265#false} is VALID [2022-02-20 17:59:32,561 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {5265#false} {5265#false} #1146#return; {5265#false} is VALID [2022-02-20 17:59:32,561 INFO L290 TraceCheckUtils]: 73: Hoare triple {5265#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {5265#false} is VALID [2022-02-20 17:59:32,561 INFO L290 TraceCheckUtils]: 74: Hoare triple {5265#false} assume 0 == sign_~privkey~0#1; {5265#false} is VALID [2022-02-20 17:59:32,562 INFO L290 TraceCheckUtils]: 75: Hoare triple {5265#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, 
outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {5265#false} is VALID [2022-02-20 17:59:32,562 INFO L272 TraceCheckUtils]: 76: Hoare triple {5265#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5265#false} is VALID [2022-02-20 17:59:32,562 INFO L290 TraceCheckUtils]: 77: Hoare triple {5265#false} ~handle := #in~handle;havoc ~retValue_acc~29; {5265#false} is VALID [2022-02-20 17:59:32,562 INFO L290 TraceCheckUtils]: 78: Hoare triple {5265#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {5265#false} is VALID [2022-02-20 17:59:32,562 INFO L290 TraceCheckUtils]: 79: Hoare triple {5265#false} assume true; {5265#false} is VALID [2022-02-20 17:59:32,562 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5265#false} {5265#false} #1148#return; {5265#false} is VALID [2022-02-20 17:59:32,563 INFO L290 TraceCheckUtils]: 81: Hoare triple {5265#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {5265#false} is VALID 
[2022-02-20 17:59:32,563 INFO L290 TraceCheckUtils]: 82: Hoare triple {5265#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5265#false} is VALID [2022-02-20 17:59:32,563 INFO L272 TraceCheckUtils]: 83: Hoare triple {5265#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5265#false} is VALID [2022-02-20 17:59:32,563 INFO L290 TraceCheckUtils]: 84: Hoare triple {5265#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {5265#false} is VALID [2022-02-20 17:59:32,563 INFO L290 TraceCheckUtils]: 85: Hoare triple {5265#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {5265#false} is VALID [2022-02-20 17:59:32,563 INFO L290 TraceCheckUtils]: 86: Hoare triple {5265#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {5265#false} is VALID [2022-02-20 17:59:32,564 INFO L272 TraceCheckUtils]: 87: Hoare triple {5265#false} call setEmailFrom(~msg#1, ~tmp~7#1); {5265#false} is VALID [2022-02-20 17:59:32,564 INFO L290 TraceCheckUtils]: 88: Hoare triple {5265#false} ~handle := #in~handle;~value := #in~value; {5265#false} is VALID [2022-02-20 17:59:32,564 INFO L290 TraceCheckUtils]: 89: Hoare triple {5265#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5265#false} is VALID [2022-02-20 17:59:32,564 INFO L290 TraceCheckUtils]: 90: Hoare triple {5265#false} assume true; {5265#false} is VALID [2022-02-20 17:59:32,564 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {5265#false} {5265#false} 
#1172#return; {5265#false} is VALID [2022-02-20 17:59:32,564 INFO L290 TraceCheckUtils]: 92: Hoare triple {5265#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {5265#false} is VALID [2022-02-20 17:59:32,565 INFO L272 TraceCheckUtils]: 93: Hoare triple {5265#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {5265#false} is VALID [2022-02-20 17:59:32,565 INFO L290 TraceCheckUtils]: 94: Hoare triple {5265#false} ~handle := #in~handle;havoc ~retValue_acc~20; {5265#false} is VALID 
[2022-02-20 17:59:32,565 INFO L290 TraceCheckUtils]: 95: Hoare triple {5265#false} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {5265#false} is VALID [2022-02-20 17:59:32,565 INFO L290 TraceCheckUtils]: 96: Hoare triple {5265#false} assume true; {5265#false} is VALID [2022-02-20 17:59:32,565 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5265#false} {5265#false} #1174#return; {5265#false} is VALID [2022-02-20 17:59:32,565 INFO L290 TraceCheckUtils]: 98: Hoare triple {5265#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {5265#false} is VALID [2022-02-20 17:59:32,565 INFO L290 TraceCheckUtils]: 99: Hoare triple {5265#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {5265#false} is VALID [2022-02-20 17:59:32,566 INFO L272 TraceCheckUtils]: 100: Hoare triple {5265#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {5265#false} is VALID [2022-02-20 17:59:32,566 INFO L290 TraceCheckUtils]: 101: Hoare triple {5265#false} ~handle := #in~handle;havoc ~retValue_acc~35; {5265#false} is VALID [2022-02-20 17:59:32,566 INFO L290 TraceCheckUtils]: 102: Hoare triple {5265#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5265#false} is VALID [2022-02-20 17:59:32,566 INFO L290 TraceCheckUtils]: 103: Hoare triple {5265#false} assume true; {5265#false} is VALID [2022-02-20 17:59:32,566 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {5265#false} {5265#false} #1176#return; {5265#false} is VALID [2022-02-20 17:59:32,566 INFO L290 TraceCheckUtils]: 105: Hoare triple {5265#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && 
__utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {5265#false} is VALID [2022-02-20 17:59:32,567 INFO L290 TraceCheckUtils]: 106: Hoare triple {5265#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {5265#false} is VALID [2022-02-20 17:59:32,567 INFO L290 TraceCheckUtils]: 107: Hoare triple {5265#false} assume !false; {5265#false} is VALID [2022-02-20 17:59:32,567 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:32,567 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:32,567 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1337734137] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:32,568 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:32,568 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:59:32,568 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2064543925] [2022-02-20 17:59:32,568 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:32,569 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 20.333333333333332) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 108 [2022-02-20 17:59:32,569 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:32,570 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 20.333333333333332) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:32,631 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 90 edges. 90 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:32,631 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:32,631 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:32,632 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:32,632 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:32,632 INFO L87 Difference]: Start difference. First operand 381 states and 581 transitions. 
Second operand has 3 states, 3 states have (on average 20.333333333333332) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:33,247 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:33,247 INFO L93 Difference]: Finished difference Result 810 states and 1254 transitions. [2022-02-20 17:59:33,247 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:33,248 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 20.333333333333332) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 108 [2022-02-20 17:59:33,248 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:33,248 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 20.333333333333332) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:33,275 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1252 transitions. [2022-02-20 17:59:33,275 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 20.333333333333332) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:33,292 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1252 transitions. [2022-02-20 17:59:33,292 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1252 transitions. [2022-02-20 17:59:34,163 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1252 edges. 1252 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:34,181 INFO L225 Difference]: With dead ends: 810 [2022-02-20 17:59:34,181 INFO L226 Difference]: Without dead ends: 456 [2022-02-20 17:59:34,182 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 137 GetRequests, 129 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:34,183 INFO L933 BasicCegarLoop]: 596 mSDtfsCounter, 134 mSDsluCounter, 530 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 1126 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:34,184 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 1126 
Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:34,185 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 456 states. [2022-02-20 17:59:34,199 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 456 to 448. [2022-02-20 17:59:34,200 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:34,201 INFO L82 GeneralOperation]: Start isEquivalent. First operand 456 states. Second operand has 448 states, 355 states have (on average 1.5746478873239436) internal successors, (559), 357 states have internal predecessors, (559), 70 states have call successors, (70), 22 states have call predecessors, (70), 22 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) [2022-02-20 17:59:34,202 INFO L74 IsIncluded]: Start isIncluded. First operand 456 states. Second operand has 448 states, 355 states have (on average 1.5746478873239436) internal successors, (559), 357 states have internal predecessors, (559), 70 states have call successors, (70), 22 states have call predecessors, (70), 22 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) [2022-02-20 17:59:34,203 INFO L87 Difference]: Start difference. First operand 456 states. Second operand has 448 states, 355 states have (on average 1.5746478873239436) internal successors, (559), 357 states have internal predecessors, (559), 70 states have call successors, (70), 22 states have call predecessors, (70), 22 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) [2022-02-20 17:59:34,221 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:34,221 INFO L93 Difference]: Finished difference Result 456 states and 707 transitions. 
[2022-02-20 17:59:34,221 INFO L276 IsEmpty]: Start isEmpty. Operand 456 states and 707 transitions. [2022-02-20 17:59:34,224 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:34,224 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:34,226 INFO L74 IsIncluded]: Start isIncluded. First operand has 448 states, 355 states have (on average 1.5746478873239436) internal successors, (559), 357 states have internal predecessors, (559), 70 states have call successors, (70), 22 states have call predecessors, (70), 22 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) Second operand 456 states. [2022-02-20 17:59:34,227 INFO L87 Difference]: Start difference. First operand has 448 states, 355 states have (on average 1.5746478873239436) internal successors, (559), 357 states have internal predecessors, (559), 70 states have call successors, (70), 22 states have call predecessors, (70), 22 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) Second operand 456 states. [2022-02-20 17:59:34,245 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:34,246 INFO L93 Difference]: Finished difference Result 456 states and 707 transitions. [2022-02-20 17:59:34,246 INFO L276 IsEmpty]: Start isEmpty. Operand 456 states and 707 transitions. [2022-02-20 17:59:34,248 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:34,248 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:34,248 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:34,249 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:34,250 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 448 states, 355 states have (on average 1.5746478873239436) internal successors, (559), 357 states have internal predecessors, (559), 70 states have call successors, (70), 22 states have call predecessors, (70), 22 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) [2022-02-20 17:59:34,270 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 448 states to 448 states and 698 transitions. [2022-02-20 17:59:34,271 INFO L78 Accepts]: Start accepts. Automaton has 448 states and 698 transitions. Word has length 108 [2022-02-20 17:59:34,271 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:34,271 INFO L470 AbstractCegarLoop]: Abstraction has 448 states and 698 transitions. [2022-02-20 17:59:34,272 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 20.333333333333332) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:34,272 INFO L276 IsEmpty]: Start isEmpty. Operand 448 states and 698 transitions. [2022-02-20 17:59:34,274 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2022-02-20 17:59:34,274 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:34,274 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:34,295 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:34,487 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:34,488 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:34,488 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:34,488 INFO L85 PathProgramCache]: Analyzing trace with hash 271379103, now seen corresponding path program 1 times [2022-02-20 17:59:34,488 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:34,488 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1780941194] [2022-02-20 17:59:34,488 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:34,488 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:34,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,564 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 6 [2022-02-20 17:59:34,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,568 INFO L290 TraceCheckUtils]: 0: Hoare triple {8356#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,568 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,568 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,568 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8301#true} #1208#return; {8301#true} is VALID [2022-02-20 17:59:34,574 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:34,575 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,577 INFO L290 TraceCheckUtils]: 0: Hoare triple {8357#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,578 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,578 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,578 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8301#true} #1210#return; {8301#true} is VALID [2022-02-20 17:59:34,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:34,580 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:59:34,592 INFO L290 TraceCheckUtils]: 0: Hoare triple {8356#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8358#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:34,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {8358#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8359#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:34,593 INFO L290 TraceCheckUtils]: 2: Hoare triple {8359#(= |setClientId_#in~handle| 1)} assume true; {8359#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:34,594 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8359#(= |setClientId_#in~handle| 1)} {8311#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1212#return; {8302#false} is VALID [2022-02-20 17:59:34,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:34,596 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,598 INFO L290 TraceCheckUtils]: 0: Hoare triple {8357#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,598 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,599 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1214#return; {8302#false} is VALID 
[2022-02-20 17:59:34,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:34,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,602 INFO L290 TraceCheckUtils]: 0: Hoare triple {8356#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,603 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,603 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1216#return; {8302#false} is VALID [2022-02-20 17:59:34,603 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:34,605 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,607 INFO L290 TraceCheckUtils]: 0: Hoare triple {8357#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,607 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,607 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1218#return; {8302#false} is VALID [2022-02-20 17:59:34,614 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 55 [2022-02-20 17:59:34,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {8360#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1166#return; {8302#false} is VALID [2022-02-20 17:59:34,624 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:59:34,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,628 INFO L290 TraceCheckUtils]: 0: Hoare triple {8361#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,628 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,628 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,628 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1168#return; {8302#false} is VALID [2022-02-20 17:59:34,629 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:59:34,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,631 INFO L290 TraceCheckUtils]: 0: Hoare triple {8301#true} ~handle := #in~handle;havoc ~retValue_acc~35; 
{8301#true} is VALID [2022-02-20 17:59:34,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8301#true} is VALID [2022-02-20 17:59:34,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,632 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1146#return; {8302#false} is VALID [2022-02-20 17:59:34,632 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:59:34,633 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,635 INFO L290 TraceCheckUtils]: 0: Hoare triple {8301#true} ~handle := #in~handle;havoc ~retValue_acc~29; {8301#true} is VALID [2022-02-20 17:59:34,635 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {8301#true} is VALID [2022-02-20 17:59:34,635 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,635 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1148#return; {8302#false} is VALID [2022-02-20 17:59:34,635 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:59:34,636 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,638 INFO L290 TraceCheckUtils]: 0: Hoare triple {8360#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,638 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,638 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} 
is VALID [2022-02-20 17:59:34,638 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1172#return; {8302#false} is VALID [2022-02-20 17:59:34,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:59:34,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,641 INFO L290 TraceCheckUtils]: 0: Hoare triple {8301#true} ~handle := #in~handle;havoc ~retValue_acc~20; {8301#true} is VALID [2022-02-20 17:59:34,642 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {8301#true} is VALID [2022-02-20 17:59:34,642 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,642 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1174#return; {8302#false} is VALID [2022-02-20 17:59:34,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:34,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,645 INFO L290 TraceCheckUtils]: 0: Hoare triple {8301#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8301#true} is VALID [2022-02-20 17:59:34,645 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8301#true} is VALID [2022-02-20 17:59:34,645 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,645 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8301#true} {8302#false} #1176#return; {8302#false} is VALID [2022-02-20 17:59:34,645 INFO L290 TraceCheckUtils]: 0: Hoare triple {8301#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call 
write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 
0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 
0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8301#true} is VALID [2022-02-20 17:59:34,646 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {8301#true} is VALID [2022-02-20 17:59:34,646 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume { :end_inline_select_helpers } true;assume { 
:begin_inline_select_features } true; {8301#true} is VALID [2022-02-20 17:59:34,646 INFO L290 TraceCheckUtils]: 3: Hoare triple {8301#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {8301#true} is VALID [2022-02-20 17:59:34,646 INFO L290 TraceCheckUtils]: 4: Hoare triple {8301#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {8301#true} is VALID [2022-02-20 17:59:34,646 INFO L290 TraceCheckUtils]: 5: Hoare triple {8301#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8301#true} is VALID [2022-02-20 17:59:34,647 INFO L272 TraceCheckUtils]: 6: Hoare triple {8301#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8356#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:34,647 INFO L290 TraceCheckUtils]: 7: Hoare triple {8356#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,647 INFO L290 TraceCheckUtils]: 8: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,648 INFO L290 TraceCheckUtils]: 9: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,648 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8301#true} {8301#true} #1208#return; {8301#true} is VALID [2022-02-20 17:59:34,648 INFO L290 TraceCheckUtils]: 11: Hoare triple {8301#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8301#true} is VALID [2022-02-20 17:59:34,648 INFO L272 TraceCheckUtils]: 12: Hoare triple {8301#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8357#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:34,649 INFO L290 TraceCheckUtils]: 13: Hoare triple {8357#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,649 INFO L290 TraceCheckUtils]: 14: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,649 INFO L290 TraceCheckUtils]: 15: 
Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,649 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8301#true} {8301#true} #1210#return; {8301#true} is VALID [2022-02-20 17:59:34,650 INFO L290 TraceCheckUtils]: 17: Hoare triple {8301#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8311#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:34,650 INFO L272 TraceCheckUtils]: 18: Hoare triple {8311#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8356#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:34,651 INFO L290 TraceCheckUtils]: 19: Hoare triple {8356#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8358#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:34,651 INFO L290 TraceCheckUtils]: 20: Hoare triple {8358#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8359#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:34,651 INFO L290 TraceCheckUtils]: 21: 
Hoare triple {8359#(= |setClientId_#in~handle| 1)} assume true; {8359#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:34,652 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8359#(= |setClientId_#in~handle| 1)} {8311#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1212#return; {8302#false} is VALID [2022-02-20 17:59:34,652 INFO L290 TraceCheckUtils]: 23: Hoare triple {8302#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8302#false} is VALID [2022-02-20 17:59:34,652 INFO L272 TraceCheckUtils]: 24: Hoare triple {8302#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8357#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:34,652 INFO L290 TraceCheckUtils]: 25: Hoare triple {8357#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,653 INFO L290 TraceCheckUtils]: 26: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,653 INFO L290 TraceCheckUtils]: 27: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,653 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8301#true} {8302#false} #1214#return; {8302#false} is VALID [2022-02-20 17:59:34,653 INFO L290 TraceCheckUtils]: 29: Hoare triple {8302#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := 
setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8302#false} is VALID [2022-02-20 17:59:34,653 INFO L272 TraceCheckUtils]: 30: Hoare triple {8302#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8356#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:34,653 INFO L290 TraceCheckUtils]: 31: Hoare triple {8356#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,654 INFO L290 TraceCheckUtils]: 32: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,654 INFO L290 TraceCheckUtils]: 33: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,654 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8301#true} {8302#false} #1216#return; {8302#false} is VALID [2022-02-20 17:59:34,654 INFO L290 TraceCheckUtils]: 35: Hoare triple {8302#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8302#false} is VALID [2022-02-20 17:59:34,654 INFO L272 TraceCheckUtils]: 36: Hoare triple {8302#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8357#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 
17:59:34,654 INFO L290 TraceCheckUtils]: 37: Hoare triple {8357#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,654 INFO L290 TraceCheckUtils]: 38: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,655 INFO L290 TraceCheckUtils]: 39: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,655 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8301#true} {8302#false} #1218#return; {8302#false} is VALID [2022-02-20 17:59:34,655 INFO L290 TraceCheckUtils]: 41: Hoare triple {8302#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {8302#false} is VALID [2022-02-20 17:59:34,655 INFO L290 TraceCheckUtils]: 42: Hoare triple {8302#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8302#false} is VALID [2022-02-20 17:59:34,655 INFO L290 TraceCheckUtils]: 43: Hoare triple {8302#false} assume !false; {8302#false} is VALID [2022-02-20 17:59:34,655 INFO L290 TraceCheckUtils]: 44: Hoare triple {8302#false} assume test_~splverifierCounter~0#1 < 4; {8302#false} is VALID [2022-02-20 17:59:34,656 INFO L290 TraceCheckUtils]: 45: Hoare triple {8302#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8302#false} is VALID [2022-02-20 17:59:34,656 INFO L290 TraceCheckUtils]: 46: Hoare triple {8302#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {8302#false} is VALID [2022-02-20 17:59:34,656 INFO L290 TraceCheckUtils]: 47: Hoare triple {8302#false} assume !(0 != test_~tmp___9~0#1); {8302#false} is VALID [2022-02-20 17:59:34,656 INFO L290 TraceCheckUtils]: 48: Hoare triple {8302#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {8302#false} is VALID [2022-02-20 17:59:34,656 INFO L290 TraceCheckUtils]: 49: Hoare triple {8302#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {8302#false} is VALID [2022-02-20 17:59:34,656 INFO L290 TraceCheckUtils]: 50: Hoare triple {8302#false} assume !false; {8302#false} is VALID [2022-02-20 17:59:34,657 INFO L290 
TraceCheckUtils]: 51: Hoare triple {8302#false} assume !(test_~splverifierCounter~0#1 < 4); {8302#false} is VALID [2022-02-20 17:59:34,657 INFO L290 TraceCheckUtils]: 52: Hoare triple {8302#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {8302#false} is VALID [2022-02-20 17:59:34,657 INFO L272 TraceCheckUtils]: 53: Hoare triple {8302#false} call sendEmail(~bob~0, ~rjh~0); {8302#false} is VALID [2022-02-20 17:59:34,657 INFO L290 TraceCheckUtils]: 54: Hoare triple {8302#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8302#false} is VALID [2022-02-20 17:59:34,657 INFO L272 TraceCheckUtils]: 55: Hoare triple {8302#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8360#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:34,657 INFO L290 TraceCheckUtils]: 56: Hoare triple {8360#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,657 INFO L290 TraceCheckUtils]: 57: Hoare triple {8301#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,658 INFO L290 TraceCheckUtils]: 58: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,658 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8301#true} {8302#false} #1166#return; {8302#false} is VALID [2022-02-20 17:59:34,658 INFO L272 TraceCheckUtils]: 60: Hoare triple {8302#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8361#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:34,658 INFO L290 TraceCheckUtils]: 61: Hoare triple {8361#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,658 INFO L290 TraceCheckUtils]: 62: Hoare triple {8301#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,658 INFO L290 TraceCheckUtils]: 63: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,659 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {8301#true} {8302#false} #1168#return; {8302#false} is VALID [2022-02-20 17:59:34,659 INFO L290 TraceCheckUtils]: 65: Hoare triple {8302#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {8302#false} is VALID [2022-02-20 17:59:34,659 INFO L290 TraceCheckUtils]: 66: Hoare triple {8302#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {8302#false} is VALID [2022-02-20 17:59:34,659 INFO L272 TraceCheckUtils]: 67: Hoare triple {8302#false} call outgoing(~sender#1, ~email~0#1); {8302#false} is VALID [2022-02-20 17:59:34,659 INFO L290 TraceCheckUtils]: 68: Hoare triple {8302#false} ~client#1 := #in~client#1;~msg#1 := 
#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {8302#false} is VALID [2022-02-20 17:59:34,659 INFO L272 TraceCheckUtils]: 69: Hoare triple {8302#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {8301#true} is VALID [2022-02-20 17:59:34,660 INFO L290 TraceCheckUtils]: 70: Hoare triple {8301#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8301#true} is VALID [2022-02-20 17:59:34,660 INFO L290 TraceCheckUtils]: 71: Hoare triple {8301#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8301#true} is VALID [2022-02-20 17:59:34,660 INFO L290 TraceCheckUtils]: 72: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,660 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {8301#true} {8302#false} #1146#return; {8302#false} is VALID [2022-02-20 17:59:34,660 INFO L290 TraceCheckUtils]: 74: Hoare triple {8302#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {8302#false} is VALID [2022-02-20 17:59:34,660 INFO L290 TraceCheckUtils]: 75: Hoare triple {8302#false} assume 0 == sign_~privkey~0#1; {8302#false} is VALID [2022-02-20 17:59:34,660 INFO L290 TraceCheckUtils]: 76: Hoare triple {8302#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, 
outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {8302#false} is VALID [2022-02-20 17:59:34,661 INFO L272 TraceCheckUtils]: 77: Hoare triple {8302#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {8301#true} is VALID [2022-02-20 17:59:34,661 INFO L290 TraceCheckUtils]: 78: Hoare triple {8301#true} ~handle := #in~handle;havoc ~retValue_acc~29; {8301#true} is VALID [2022-02-20 17:59:34,661 INFO L290 TraceCheckUtils]: 79: Hoare triple {8301#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {8301#true} is VALID [2022-02-20 17:59:34,661 INFO L290 TraceCheckUtils]: 80: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,661 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {8301#true} {8302#false} #1148#return; {8302#false} is VALID [2022-02-20 17:59:34,661 INFO L290 TraceCheckUtils]: 82: Hoare triple {8302#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {8302#false} is VALID [2022-02-20 17:59:34,662 INFO L290 TraceCheckUtils]: 83: Hoare triple {8302#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {8302#false} is VALID [2022-02-20 17:59:34,662 INFO L272 TraceCheckUtils]: 84: Hoare triple {8302#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {8302#false} is VALID [2022-02-20 17:59:34,662 INFO L290 TraceCheckUtils]: 85: Hoare triple {8302#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {8302#false} is VALID [2022-02-20 17:59:34,662 INFO L290 TraceCheckUtils]: 86: Hoare triple {8302#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {8302#false} is VALID [2022-02-20 17:59:34,662 INFO L290 TraceCheckUtils]: 87: Hoare triple {8302#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {8302#false} is VALID [2022-02-20 17:59:34,662 INFO L272 TraceCheckUtils]: 88: Hoare triple {8302#false} call setEmailFrom(~msg#1, ~tmp~7#1); {8360#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:34,663 INFO L290 TraceCheckUtils]: 89: Hoare triple {8360#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:34,663 INFO L290 TraceCheckUtils]: 90: Hoare triple {8301#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:34,663 INFO L290 TraceCheckUtils]: 91: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,663 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {8301#true} {8302#false} #1172#return; {8302#false} is VALID [2022-02-20 17:59:34,663 INFO L290 TraceCheckUtils]: 93: Hoare triple {8302#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && 
__utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {8302#false} is VALID [2022-02-20 17:59:34,663 INFO L272 TraceCheckUtils]: 94: Hoare triple {8302#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {8301#true} is VALID [2022-02-20 17:59:34,664 INFO L290 TraceCheckUtils]: 95: Hoare triple {8301#true} ~handle := #in~handle;havoc ~retValue_acc~20; {8301#true} is VALID [2022-02-20 17:59:34,664 INFO L290 TraceCheckUtils]: 96: Hoare triple {8301#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {8301#true} is VALID [2022-02-20 17:59:34,664 INFO L290 TraceCheckUtils]: 97: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,664 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8301#true} {8302#false} #1174#return; {8302#false} is VALID [2022-02-20 17:59:34,664 INFO L290 TraceCheckUtils]: 99: Hoare triple {8302#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {8302#false} is VALID [2022-02-20 17:59:34,664 INFO L290 TraceCheckUtils]: 100: Hoare triple {8302#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {8302#false} is VALID [2022-02-20 17:59:34,664 INFO L272 TraceCheckUtils]: 101: Hoare triple {8302#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {8301#true} is VALID [2022-02-20 17:59:34,665 INFO L290 TraceCheckUtils]: 102: Hoare triple {8301#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8301#true} is VALID [2022-02-20 17:59:34,665 INFO L290 TraceCheckUtils]: 103: Hoare triple {8301#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := 
~retValue_acc~35; {8301#true} is VALID [2022-02-20 17:59:34,665 INFO L290 TraceCheckUtils]: 104: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:34,665 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {8301#true} {8302#false} #1176#return; {8302#false} is VALID [2022-02-20 17:59:34,665 INFO L290 TraceCheckUtils]: 106: Hoare triple {8302#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {8302#false} is VALID [2022-02-20 17:59:34,665 INFO L290 TraceCheckUtils]: 107: Hoare triple {8302#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {8302#false} is VALID [2022-02-20 17:59:34,666 INFO L290 TraceCheckUtils]: 108: Hoare triple {8302#false} assume !false; {8302#false} is VALID [2022-02-20 17:59:34,666 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 17:59:34,666 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:34,666 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1780941194] [2022-02-20 17:59:34,667 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1780941194] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:34,667 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1028631520] [2022-02-20 17:59:34,667 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:34,667 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:34,667 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:34,668 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:34,695 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:59:34,929 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,933 INFO L263 TraceCheckSpWp]: Trace formula consists of 1060 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:59:34,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:34,983 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:59:35,295 INFO L290 TraceCheckUtils]: 0: Hoare triple {8301#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 
0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {8301#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc 
main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L290 TraceCheckUtils]: 2: Hoare triple {8301#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L290 TraceCheckUtils]: 3: Hoare triple {8301#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L290 TraceCheckUtils]: 4: Hoare triple {8301#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L290 TraceCheckUtils]: 5: Hoare triple {8301#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8301#true} is 
VALID [2022-02-20 17:59:35,296 INFO L272 TraceCheckUtils]: 6: Hoare triple {8301#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L290 TraceCheckUtils]: 7: Hoare triple {8301#true} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L290 TraceCheckUtils]: 8: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L290 TraceCheckUtils]: 9: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8301#true} {8301#true} #1208#return; {8301#true} is VALID [2022-02-20 17:59:35,296 INFO L290 TraceCheckUtils]: 11: Hoare triple {8301#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8301#true} is VALID [2022-02-20 17:59:35,297 INFO L272 TraceCheckUtils]: 12: Hoare triple {8301#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8301#true} is VALID [2022-02-20 17:59:35,297 INFO L290 TraceCheckUtils]: 13: Hoare triple {8301#true} ~handle := #in~handle;~value := #in~value; {8301#true} is VALID [2022-02-20 17:59:35,297 INFO L290 TraceCheckUtils]: 14: Hoare triple {8301#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8301#true} is VALID [2022-02-20 17:59:35,297 INFO L290 TraceCheckUtils]: 15: Hoare triple {8301#true} assume true; {8301#true} is VALID [2022-02-20 17:59:35,297 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8301#true} {8301#true} #1210#return; {8301#true} is VALID [2022-02-20 17:59:35,298 INFO L290 TraceCheckUtils]: 17: Hoare triple {8301#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8416#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:59:35,299 INFO L272 TraceCheckUtils]: 18: Hoare triple {8416#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8301#true} is VALID [2022-02-20 17:59:35,299 INFO L290 TraceCheckUtils]: 19: Hoare triple {8301#true} ~handle := #in~handle;~value := #in~value; {8423#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:59:35,299 INFO L290 TraceCheckUtils]: 20: Hoare triple {8423#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8427#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:35,300 INFO L290 TraceCheckUtils]: 21: Hoare triple {8427#(<= |setClientId_#in~handle| 1)} assume true; {8427#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:35,300 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8427#(<= |setClientId_#in~handle| 1)} {8416#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1212#return; {8302#false} is VALID [2022-02-20 17:59:35,300 INFO L290 TraceCheckUtils]: 23: Hoare triple {8302#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8302#false} is VALID [2022-02-20 17:59:35,300 INFO L272 TraceCheckUtils]: 24: Hoare triple {8302#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8302#false} is VALID [2022-02-20 17:59:35,300 INFO L290 TraceCheckUtils]: 25: Hoare triple {8302#false} ~handle := #in~handle;~value := #in~value; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L290 TraceCheckUtils]: 26: Hoare triple {8302#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L290 TraceCheckUtils]: 27: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8302#false} {8302#false} #1214#return; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L290 TraceCheckUtils]: 29: Hoare triple {8302#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L272 TraceCheckUtils]: 30: Hoare triple {8302#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L290 TraceCheckUtils]: 31: Hoare triple {8302#false} ~handle := #in~handle;~value := #in~value; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L290 TraceCheckUtils]: 32: Hoare triple {8302#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L290 TraceCheckUtils]: 33: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8302#false} {8302#false} #1216#return; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L290 TraceCheckUtils]: 35: Hoare triple {8302#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L272 TraceCheckUtils]: 36: Hoare triple {8302#false} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8302#false} is VALID [2022-02-20 17:59:35,301 INFO L290 TraceCheckUtils]: 37: Hoare triple {8302#false} ~handle := #in~handle;~value := #in~value; {8302#false} is VALID [2022-02-20 17:59:35,302 INFO L290 TraceCheckUtils]: 38: Hoare triple {8302#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8302#false} is VALID [2022-02-20 17:59:35,302 INFO L290 TraceCheckUtils]: 39: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,302 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8302#false} {8302#false} #1218#return; {8302#false} is VALID [2022-02-20 17:59:35,302 INFO L290 TraceCheckUtils]: 41: Hoare triple {8302#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {8302#false} is VALID [2022-02-20 17:59:35,302 INFO L290 TraceCheckUtils]: 42: Hoare triple {8302#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc 
test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8302#false} is VALID [2022-02-20 17:59:35,302 INFO L290 TraceCheckUtils]: 43: Hoare triple {8302#false} assume !false; {8302#false} is VALID [2022-02-20 17:59:35,303 INFO L290 TraceCheckUtils]: 44: Hoare triple {8302#false} assume test_~splverifierCounter~0#1 < 4; {8302#false} is VALID [2022-02-20 17:59:35,303 INFO L290 TraceCheckUtils]: 45: Hoare triple {8302#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8302#false} is VALID [2022-02-20 17:59:35,303 INFO L290 TraceCheckUtils]: 46: Hoare triple {8302#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {8302#false} is VALID [2022-02-20 17:59:35,303 INFO L290 TraceCheckUtils]: 47: Hoare triple {8302#false} assume !(0 != test_~tmp___9~0#1); {8302#false} is VALID [2022-02-20 17:59:35,303 INFO L290 TraceCheckUtils]: 48: Hoare triple {8302#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {8302#false} is VALID [2022-02-20 17:59:35,303 INFO L290 TraceCheckUtils]: 49: Hoare triple {8302#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {8302#false} is VALID [2022-02-20 17:59:35,304 INFO L290 TraceCheckUtils]: 50: Hoare triple {8302#false} assume !false; {8302#false} is VALID [2022-02-20 17:59:35,304 INFO L290 TraceCheckUtils]: 51: Hoare triple {8302#false} assume !(test_~splverifierCounter~0#1 < 4); {8302#false} is 
VALID [2022-02-20 17:59:35,304 INFO L290 TraceCheckUtils]: 52: Hoare triple {8302#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {8302#false} is VALID [2022-02-20 17:59:35,304 INFO L272 TraceCheckUtils]: 53: Hoare triple {8302#false} call sendEmail(~bob~0, ~rjh~0); {8302#false} is VALID [2022-02-20 17:59:35,304 INFO L290 TraceCheckUtils]: 54: Hoare triple {8302#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8302#false} is VALID [2022-02-20 17:59:35,304 INFO L272 TraceCheckUtils]: 55: Hoare triple {8302#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8302#false} is VALID [2022-02-20 17:59:35,305 INFO L290 TraceCheckUtils]: 56: Hoare triple {8302#false} ~handle := #in~handle;~value := #in~value; {8302#false} is VALID [2022-02-20 17:59:35,305 INFO L290 TraceCheckUtils]: 57: Hoare triple {8302#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8302#false} is VALID [2022-02-20 17:59:35,305 INFO L290 TraceCheckUtils]: 58: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,305 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8302#false} {8302#false} #1166#return; {8302#false} is VALID 
[2022-02-20 17:59:35,305 INFO L272 TraceCheckUtils]: 60: Hoare triple {8302#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8302#false} is VALID [2022-02-20 17:59:35,305 INFO L290 TraceCheckUtils]: 61: Hoare triple {8302#false} ~handle := #in~handle;~value := #in~value; {8302#false} is VALID [2022-02-20 17:59:35,306 INFO L290 TraceCheckUtils]: 62: Hoare triple {8302#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8302#false} is VALID [2022-02-20 17:59:35,306 INFO L290 TraceCheckUtils]: 63: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,306 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {8302#false} {8302#false} #1168#return; {8302#false} is VALID [2022-02-20 17:59:35,306 INFO L290 TraceCheckUtils]: 65: Hoare triple {8302#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {8302#false} is VALID [2022-02-20 17:59:35,306 INFO L290 TraceCheckUtils]: 66: Hoare triple {8302#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {8302#false} is VALID [2022-02-20 17:59:35,306 INFO L272 TraceCheckUtils]: 67: Hoare triple {8302#false} call outgoing(~sender#1, ~email~0#1); {8302#false} is VALID [2022-02-20 17:59:35,307 INFO L290 TraceCheckUtils]: 68: Hoare triple {8302#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {8302#false} is VALID [2022-02-20 17:59:35,307 INFO L272 TraceCheckUtils]: 69: Hoare triple {8302#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {8302#false} is VALID [2022-02-20 
17:59:35,307 INFO L290 TraceCheckUtils]: 70: Hoare triple {8302#false} ~handle := #in~handle;havoc ~retValue_acc~35; {8302#false} is VALID [2022-02-20 17:59:35,307 INFO L290 TraceCheckUtils]: 71: Hoare triple {8302#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8302#false} is VALID [2022-02-20 17:59:35,307 INFO L290 TraceCheckUtils]: 72: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,307 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {8302#false} {8302#false} #1146#return; {8302#false} is VALID [2022-02-20 17:59:35,308 INFO L290 TraceCheckUtils]: 74: Hoare triple {8302#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {8302#false} is VALID [2022-02-20 17:59:35,308 INFO L290 TraceCheckUtils]: 75: Hoare triple {8302#false} assume 0 == sign_~privkey~0#1; {8302#false} is VALID [2022-02-20 17:59:35,308 INFO L290 TraceCheckUtils]: 76: Hoare triple {8302#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {8302#false} is VALID [2022-02-20 17:59:35,308 INFO L272 TraceCheckUtils]: 77: Hoare triple {8302#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {8302#false} is VALID [2022-02-20 17:59:35,308 INFO L290 TraceCheckUtils]: 78: Hoare triple {8302#false} ~handle := #in~handle;havoc ~retValue_acc~29; {8302#false} is VALID [2022-02-20 17:59:35,308 INFO L290 TraceCheckUtils]: 79: Hoare triple {8302#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {8302#false} is VALID [2022-02-20 17:59:35,309 INFO L290 TraceCheckUtils]: 80: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,309 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {8302#false} {8302#false} #1148#return; {8302#false} is VALID [2022-02-20 17:59:35,309 INFO L290 TraceCheckUtils]: 82: Hoare triple {8302#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {8302#false} is VALID [2022-02-20 17:59:35,309 INFO L290 TraceCheckUtils]: 83: Hoare triple {8302#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {8302#false} is VALID [2022-02-20 17:59:35,309 INFO L272 TraceCheckUtils]: 84: Hoare 
triple {8302#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {8302#false} is VALID [2022-02-20 17:59:35,309 INFO L290 TraceCheckUtils]: 85: Hoare triple {8302#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {8302#false} is VALID [2022-02-20 17:59:35,310 INFO L290 TraceCheckUtils]: 86: Hoare triple {8302#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {8302#false} is VALID [2022-02-20 17:59:35,310 INFO L290 TraceCheckUtils]: 87: Hoare triple {8302#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {8302#false} is VALID [2022-02-20 17:59:35,310 INFO L272 TraceCheckUtils]: 88: Hoare triple {8302#false} call setEmailFrom(~msg#1, ~tmp~7#1); {8302#false} is VALID [2022-02-20 17:59:35,310 INFO L290 TraceCheckUtils]: 89: Hoare triple {8302#false} ~handle := #in~handle;~value := #in~value; {8302#false} is VALID [2022-02-20 17:59:35,310 INFO L290 TraceCheckUtils]: 90: Hoare triple {8302#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8302#false} is VALID [2022-02-20 17:59:35,310 INFO L290 TraceCheckUtils]: 91: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,310 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {8302#false} {8302#false} #1172#return; {8302#false} is VALID [2022-02-20 17:59:35,311 INFO L290 TraceCheckUtils]: 93: Hoare triple {8302#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc 
mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {8302#false} is VALID [2022-02-20 17:59:35,311 INFO L272 TraceCheckUtils]: 94: Hoare triple {8302#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {8302#false} is VALID [2022-02-20 17:59:35,311 INFO L290 TraceCheckUtils]: 95: Hoare triple {8302#false} ~handle := #in~handle;havoc ~retValue_acc~20; {8302#false} is VALID [2022-02-20 17:59:35,311 INFO L290 TraceCheckUtils]: 96: Hoare triple {8302#false} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {8302#false} is VALID [2022-02-20 17:59:35,311 
INFO L290 TraceCheckUtils]: 97: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,311 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8302#false} {8302#false} #1174#return; {8302#false} is VALID [2022-02-20 17:59:35,312 INFO L290 TraceCheckUtils]: 99: Hoare triple {8302#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {8302#false} is VALID [2022-02-20 17:59:35,312 INFO L290 TraceCheckUtils]: 100: Hoare triple {8302#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {8302#false} is VALID [2022-02-20 17:59:35,312 INFO L272 TraceCheckUtils]: 101: Hoare triple {8302#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {8302#false} is VALID [2022-02-20 17:59:35,312 INFO L290 TraceCheckUtils]: 102: Hoare triple {8302#false} ~handle := #in~handle;havoc ~retValue_acc~35; {8302#false} is VALID [2022-02-20 17:59:35,312 INFO L290 TraceCheckUtils]: 103: Hoare triple {8302#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8302#false} is VALID [2022-02-20 17:59:35,312 INFO L290 TraceCheckUtils]: 104: Hoare triple {8302#false} assume true; {8302#false} is VALID [2022-02-20 17:59:35,313 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {8302#false} {8302#false} #1176#return; {8302#false} is VALID [2022-02-20 17:59:35,313 INFO L290 TraceCheckUtils]: 106: Hoare triple {8302#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {8302#false} is VALID [2022-02-20 17:59:35,313 INFO L290 
TraceCheckUtils]: 107: Hoare triple {8302#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {8302#false} is VALID [2022-02-20 17:59:35,313 INFO L290 TraceCheckUtils]: 108: Hoare triple {8302#false} assume !false; {8302#false} is VALID [2022-02-20 17:59:35,314 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2022-02-20 17:59:35,314 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:35,314 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1028631520] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:35,314 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:35,314 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:59:35,314 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [162670358] [2022-02-20 17:59:35,315 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:35,315 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 17.5) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 109 [2022-02-20 17:59:35,316 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:59:35,316 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 17.5) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:35,411 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:35,411 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:59:35,411 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:35,412 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:59:35,412 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:35,412 INFO L87 Difference]: Start difference. First operand 448 states and 698 transitions. Second operand has 5 states, 4 states have (on average 17.5) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:36,529 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:36,529 INFO L93 Difference]: Finished difference Result 887 states and 1386 transitions. [2022-02-20 17:59:36,529 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:59:36,530 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 17.5) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 109 [2022-02-20 17:59:36,530 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:36,530 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 17.5) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:36,543 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1148 transitions. [2022-02-20 17:59:36,544 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 17.5) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:36,556 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1148 transitions. [2022-02-20 17:59:36,557 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1148 transitions. [2022-02-20 17:59:37,351 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1148 edges. 1148 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:37,368 INFO L225 Difference]: With dead ends: 887 [2022-02-20 17:59:37,369 INFO L226 Difference]: Without dead ends: 450 [2022-02-20 17:59:37,370 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 139 GetRequests, 128 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:37,371 INFO L933 BasicCegarLoop]: 570 mSDtfsCounter, 152 mSDsluCounter, 1536 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 175 SdHoareTripleChecker+Valid, 2106 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:37,371 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [175 Valid, 2106 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:37,372 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 450 states. [2022-02-20 17:59:37,426 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 450 to 450. [2022-02-20 17:59:37,426 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:37,428 INFO L82 GeneralOperation]: Start isEquivalent. First operand 450 states. 
Second operand has 450 states, 356 states have (on average 1.5730337078651686) internal successors, (560), 359 states have internal predecessors, (560), 70 states have call successors, (70), 22 states have call predecessors, (70), 23 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) [2022-02-20 17:59:37,429 INFO L74 IsIncluded]: Start isIncluded. First operand 450 states. Second operand has 450 states, 356 states have (on average 1.5730337078651686) internal successors, (560), 359 states have internal predecessors, (560), 70 states have call successors, (70), 22 states have call predecessors, (70), 23 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) [2022-02-20 17:59:37,430 INFO L87 Difference]: Start difference. First operand 450 states. Second operand has 450 states, 356 states have (on average 1.5730337078651686) internal successors, (560), 359 states have internal predecessors, (560), 70 states have call successors, (70), 22 states have call predecessors, (70), 23 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) [2022-02-20 17:59:37,447 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:37,448 INFO L93 Difference]: Finished difference Result 450 states and 701 transitions. [2022-02-20 17:59:37,448 INFO L276 IsEmpty]: Start isEmpty. Operand 450 states and 701 transitions. [2022-02-20 17:59:37,449 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:37,449 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:37,451 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 450 states, 356 states have (on average 1.5730337078651686) internal successors, (560), 359 states have internal predecessors, (560), 70 states have call successors, (70), 22 states have call predecessors, (70), 23 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) Second operand 450 states. [2022-02-20 17:59:37,452 INFO L87 Difference]: Start difference. First operand has 450 states, 356 states have (on average 1.5730337078651686) internal successors, (560), 359 states have internal predecessors, (560), 70 states have call successors, (70), 22 states have call predecessors, (70), 23 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) Second operand 450 states. [2022-02-20 17:59:37,470 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:37,471 INFO L93 Difference]: Finished difference Result 450 states and 701 transitions. [2022-02-20 17:59:37,471 INFO L276 IsEmpty]: Start isEmpty. Operand 450 states and 701 transitions. [2022-02-20 17:59:37,472 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:37,473 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:37,473 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:37,473 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:37,474 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 450 states, 356 states have (on average 1.5730337078651686) internal successors, (560), 359 states have internal predecessors, (560), 70 states have call successors, (70), 22 states have call predecessors, (70), 23 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) [2022-02-20 17:59:37,495 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 450 states to 450 states and 701 transitions. [2022-02-20 17:59:37,495 INFO L78 Accepts]: Start accepts. Automaton has 450 states and 701 transitions. Word has length 109 [2022-02-20 17:59:37,495 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:37,496 INFO L470 AbstractCegarLoop]: Abstraction has 450 states and 701 transitions. [2022-02-20 17:59:37,496 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 17.5) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:37,496 INFO L276 IsEmpty]: Start isEmpty. Operand 450 states and 701 transitions. [2022-02-20 17:59:37,498 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 17:59:37,498 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:37,498 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:37,527 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:37,711 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:37,711 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:37,712 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:37,712 INFO L85 PathProgramCache]: Analyzing trace with hash -467642792, now seen corresponding path program 1 times [2022-02-20 17:59:37,712 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:37,712 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1688237604] [2022-02-20 17:59:37,712 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:37,712 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:37,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,768 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:37,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,773 INFO L290 TraceCheckUtils]: 0: Hoare triple {11507#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,773 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,773 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,773 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11450#true} #1208#return; {11450#true} is VALID [2022-02-20 17:59:37,779 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:37,781 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:59:37,783 INFO L290 TraceCheckUtils]: 0: Hoare triple {11508#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,783 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,784 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11450#true} #1210#return; {11450#true} is VALID [2022-02-20 17:59:37,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:37,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {11507#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11509#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,801 INFO L290 TraceCheckUtils]: 1: Hoare triple {11509#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11509#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,801 INFO L290 TraceCheckUtils]: 2: Hoare triple {11509#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11510#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,802 INFO L290 TraceCheckUtils]: 3: Hoare triple {11510#(= 2 |setClientId_#in~handle|)} assume true; {11510#(= 2 |setClientId_#in~handle|)} 
is VALID [2022-02-20 17:59:37,802 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11510#(= 2 |setClientId_#in~handle|)} {11460#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1212#return; {11466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:37,802 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:37,805 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,823 INFO L290 TraceCheckUtils]: 0: Hoare triple {11508#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11511#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,823 INFO L290 TraceCheckUtils]: 1: Hoare triple {11511#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11512#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:37,824 INFO L290 TraceCheckUtils]: 2: Hoare triple {11512#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11512#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:37,824 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11512#(= |setClientPrivateKey_#in~handle| 1)} {11466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1214#return; {11451#false} is VALID [2022-02-20 17:59:37,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:59:37,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,829 INFO L290 TraceCheckUtils]: 0: Hoare triple {11507#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,829 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,830 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,830 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11451#false} #1216#return; {11451#false} is VALID [2022-02-20 17:59:37,830 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:59:37,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,834 INFO L290 TraceCheckUtils]: 0: Hoare triple {11508#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,834 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,834 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,834 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11451#false} #1218#return; {11451#false} is VALID [2022-02-20 17:59:37,842 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 17:59:37,844 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,846 INFO L290 TraceCheckUtils]: 0: Hoare triple {11513#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{11450#true} is VALID [2022-02-20 17:59:37,846 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,846 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,846 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11451#false} #1166#return; {11451#false} is VALID [2022-02-20 17:59:37,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:59:37,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {11514#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,863 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,863 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,863 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11451#false} #1168#return; {11451#false} is VALID [2022-02-20 17:59:37,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:59:37,865 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,867 INFO L290 TraceCheckUtils]: 0: Hoare triple {11450#true} ~handle := #in~handle;havoc ~retValue_acc~35; {11450#true} is VALID [2022-02-20 17:59:37,867 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11450#true} is VALID [2022-02-20 17:59:37,867 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,867 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11451#false} #1146#return; {11451#false} is VALID [2022-02-20 17:59:37,867 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:59:37,868 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,871 INFO L290 TraceCheckUtils]: 0: Hoare triple {11450#true} ~handle := #in~handle;havoc ~retValue_acc~29; {11450#true} is VALID [2022-02-20 17:59:37,871 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {11450#true} is VALID [2022-02-20 17:59:37,872 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,872 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11451#false} #1148#return; {11451#false} is VALID [2022-02-20 17:59:37,872 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:59:37,873 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,875 INFO L290 TraceCheckUtils]: 0: Hoare triple {11513#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,875 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,876 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,876 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11451#false} #1172#return; {11451#false} is VALID [2022-02-20 17:59:37,876 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:59:37,877 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:59:37,879 INFO L290 TraceCheckUtils]: 0: Hoare triple {11450#true} ~handle := #in~handle;havoc ~retValue_acc~20; {11450#true} is VALID [2022-02-20 17:59:37,879 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {11450#true} is VALID [2022-02-20 17:59:37,880 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,880 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11451#false} #1174#return; {11451#false} is VALID [2022-02-20 17:59:37,880 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:59:37,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:37,883 INFO L290 TraceCheckUtils]: 0: Hoare triple {11450#true} ~handle := #in~handle;havoc ~retValue_acc~35; {11450#true} is VALID [2022-02-20 17:59:37,883 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11450#true} is VALID [2022-02-20 17:59:37,883 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,883 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11450#true} {11451#false} #1176#return; {11451#false} is VALID [2022-02-20 17:59:37,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {11450#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call 
#Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 
:= 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 
:= 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {11450#true} is VALID [2022-02-20 17:59:37,884 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {11450#true} is VALID [2022-02-20 17:59:37,884 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11450#true} is VALID [2022-02-20 17:59:37,884 INFO L290 TraceCheckUtils]: 3: Hoare triple {11450#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 
:= 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {11450#true} is VALID [2022-02-20 17:59:37,884 INFO L290 TraceCheckUtils]: 4: Hoare triple {11450#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {11450#true} is VALID [2022-02-20 17:59:37,885 INFO L290 TraceCheckUtils]: 5: Hoare triple {11450#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11450#true} is VALID [2022-02-20 17:59:37,885 INFO L272 TraceCheckUtils]: 6: Hoare triple {11450#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11507#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:37,886 INFO L290 TraceCheckUtils]: 7: Hoare triple {11507#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) 
(= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,886 INFO L290 TraceCheckUtils]: 8: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,886 INFO L290 TraceCheckUtils]: 9: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,886 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11450#true} {11450#true} #1208#return; {11450#true} is VALID [2022-02-20 17:59:37,886 INFO L290 TraceCheckUtils]: 11: Hoare triple {11450#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11450#true} is VALID [2022-02-20 17:59:37,887 INFO L272 TraceCheckUtils]: 12: Hoare triple {11450#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11508#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:37,887 INFO L290 TraceCheckUtils]: 13: Hoare triple {11508#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,887 INFO L290 TraceCheckUtils]: 14: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,887 INFO L290 TraceCheckUtils]: 15: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,888 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11450#true} {11450#true} #1210#return; {11450#true} is VALID [2022-02-20 17:59:37,888 INFO L290 TraceCheckUtils]: 17: Hoare triple {11450#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11460#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:59:37,889 INFO L272 TraceCheckUtils]: 18: Hoare triple {11460#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11507#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:37,889 INFO L290 TraceCheckUtils]: 19: Hoare triple {11507#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11509#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,889 INFO L290 TraceCheckUtils]: 20: Hoare triple {11509#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11509#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,890 INFO L290 TraceCheckUtils]: 21: Hoare triple {11509#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11510#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,890 INFO L290 TraceCheckUtils]: 22: Hoare triple {11510#(= 2 
|setClientId_#in~handle|)} assume true; {11510#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:37,891 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11510#(= 2 |setClientId_#in~handle|)} {11460#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1212#return; {11466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:37,891 INFO L290 TraceCheckUtils]: 24: Hoare triple {11466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {11466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:37,892 INFO L272 TraceCheckUtils]: 25: Hoare triple {11466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11508#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:37,892 INFO L290 TraceCheckUtils]: 26: Hoare triple {11508#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11511#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:37,893 INFO L290 TraceCheckUtils]: 27: Hoare triple {11511#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11512#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:37,893 INFO L290 TraceCheckUtils]: 28: Hoare triple {11512#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11512#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:37,893 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11512#(= 
|setClientPrivateKey_#in~handle| 1)} {11466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1214#return; {11451#false} is VALID [2022-02-20 17:59:37,894 INFO L290 TraceCheckUtils]: 30: Hoare triple {11451#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11451#false} is VALID [2022-02-20 17:59:37,894 INFO L272 TraceCheckUtils]: 31: Hoare triple {11451#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11507#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:37,894 INFO L290 TraceCheckUtils]: 32: Hoare triple {11507#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,894 INFO L290 TraceCheckUtils]: 33: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,894 INFO L290 TraceCheckUtils]: 34: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,894 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11450#true} {11451#false} #1216#return; {11451#false} is VALID [2022-02-20 
17:59:37,895 INFO L290 TraceCheckUtils]: 36: Hoare triple {11451#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11451#false} is VALID [2022-02-20 17:59:37,895 INFO L272 TraceCheckUtils]: 37: Hoare triple {11451#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11508#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:37,895 INFO L290 TraceCheckUtils]: 38: Hoare triple {11508#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,895 INFO L290 TraceCheckUtils]: 39: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,895 INFO L290 TraceCheckUtils]: 40: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,895 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11450#true} {11451#false} #1218#return; {11451#false} is VALID [2022-02-20 17:59:37,896 INFO L290 TraceCheckUtils]: 42: Hoare triple {11451#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {11451#false} is VALID [2022-02-20 17:59:37,896 INFO L290 TraceCheckUtils]: 43: Hoare triple {11451#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, 
test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11451#false} is VALID [2022-02-20 17:59:37,896 INFO L290 TraceCheckUtils]: 44: Hoare triple {11451#false} assume !false; {11451#false} is VALID [2022-02-20 17:59:37,896 INFO L290 TraceCheckUtils]: 45: Hoare triple {11451#false} assume test_~splverifierCounter~0#1 < 4; {11451#false} is VALID [2022-02-20 17:59:37,896 INFO L290 TraceCheckUtils]: 46: Hoare triple {11451#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11451#false} is VALID [2022-02-20 17:59:37,896 INFO L290 TraceCheckUtils]: 47: Hoare triple {11451#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {11451#false} is VALID [2022-02-20 17:59:37,896 INFO L290 TraceCheckUtils]: 48: Hoare triple {11451#false} assume !(0 != test_~tmp___9~0#1); {11451#false} is VALID [2022-02-20 17:59:37,897 INFO L290 
TraceCheckUtils]: 49: Hoare triple {11451#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {11451#false} is VALID [2022-02-20 17:59:37,897 INFO L290 TraceCheckUtils]: 50: Hoare triple {11451#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11451#false} is VALID [2022-02-20 17:59:37,897 INFO L290 TraceCheckUtils]: 51: Hoare triple {11451#false} assume !false; {11451#false} is VALID [2022-02-20 17:59:37,897 INFO L290 TraceCheckUtils]: 52: Hoare triple {11451#false} assume !(test_~splverifierCounter~0#1 < 4); {11451#false} is VALID [2022-02-20 17:59:37,897 INFO L290 TraceCheckUtils]: 53: Hoare triple {11451#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {11451#false} is VALID [2022-02-20 17:59:37,897 INFO L272 TraceCheckUtils]: 54: Hoare triple {11451#false} call sendEmail(~bob~0, ~rjh~0); {11451#false} is VALID [2022-02-20 17:59:37,898 INFO L290 TraceCheckUtils]: 55: Hoare triple {11451#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11451#false} is VALID [2022-02-20 17:59:37,898 INFO L272 TraceCheckUtils]: 56: 
Hoare triple {11451#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11513#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:37,898 INFO L290 TraceCheckUtils]: 57: Hoare triple {11513#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,898 INFO L290 TraceCheckUtils]: 58: Hoare triple {11450#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,898 INFO L290 TraceCheckUtils]: 59: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,898 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {11450#true} {11451#false} #1166#return; {11451#false} is VALID [2022-02-20 17:59:37,898 INFO L272 TraceCheckUtils]: 61: Hoare triple {11451#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11514#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:37,899 INFO L290 TraceCheckUtils]: 62: Hoare triple {11514#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,899 INFO L290 TraceCheckUtils]: 63: Hoare triple {11450#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,899 INFO L290 TraceCheckUtils]: 64: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,899 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {11450#true} {11451#false} #1168#return; {11451#false} is VALID [2022-02-20 17:59:37,899 INFO L290 TraceCheckUtils]: 66: Hoare triple {11451#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; 
{11451#false} is VALID [2022-02-20 17:59:37,899 INFO L290 TraceCheckUtils]: 67: Hoare triple {11451#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {11451#false} is VALID [2022-02-20 17:59:37,900 INFO L272 TraceCheckUtils]: 68: Hoare triple {11451#false} call outgoing(~sender#1, ~email~0#1); {11451#false} is VALID [2022-02-20 17:59:37,900 INFO L290 TraceCheckUtils]: 69: Hoare triple {11451#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {11451#false} is VALID [2022-02-20 17:59:37,900 INFO L272 TraceCheckUtils]: 70: Hoare triple {11451#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {11450#true} is VALID [2022-02-20 17:59:37,900 INFO L290 TraceCheckUtils]: 71: Hoare triple {11450#true} ~handle := #in~handle;havoc ~retValue_acc~35; {11450#true} is VALID [2022-02-20 17:59:37,900 INFO L290 TraceCheckUtils]: 72: Hoare triple {11450#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11450#true} is VALID [2022-02-20 17:59:37,900 INFO L290 TraceCheckUtils]: 73: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,901 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {11450#true} {11451#false} #1146#return; {11451#false} is VALID [2022-02-20 17:59:37,901 INFO L290 TraceCheckUtils]: 75: Hoare triple {11451#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {11451#false} is VALID [2022-02-20 17:59:37,901 INFO L290 
TraceCheckUtils]: 76: Hoare triple {11451#false} assume 0 == sign_~privkey~0#1; {11451#false} is VALID [2022-02-20 17:59:37,901 INFO L290 TraceCheckUtils]: 77: Hoare triple {11451#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {11451#false} is VALID [2022-02-20 17:59:37,901 INFO L272 TraceCheckUtils]: 78: Hoare triple {11451#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {11450#true} is VALID [2022-02-20 17:59:37,901 INFO L290 TraceCheckUtils]: 79: Hoare triple {11450#true} ~handle := #in~handle;havoc ~retValue_acc~29; {11450#true} is VALID [2022-02-20 17:59:37,901 INFO L290 
TraceCheckUtils]: 80: Hoare triple {11450#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {11450#true} is VALID [2022-02-20 17:59:37,902 INFO L290 TraceCheckUtils]: 81: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,902 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {11450#true} {11451#false} #1148#return; {11451#false} is VALID [2022-02-20 17:59:37,902 INFO L290 TraceCheckUtils]: 83: Hoare triple {11451#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {11451#false} is VALID [2022-02-20 17:59:37,902 INFO L290 TraceCheckUtils]: 84: Hoare triple {11451#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {11451#false} is VALID [2022-02-20 17:59:37,902 INFO L272 TraceCheckUtils]: 85: Hoare triple {11451#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {11451#false} is VALID [2022-02-20 17:59:37,902 INFO L290 TraceCheckUtils]: 86: Hoare triple {11451#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {11451#false} is VALID [2022-02-20 17:59:37,903 INFO L290 TraceCheckUtils]: 87: Hoare triple {11451#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {11451#false} is VALID [2022-02-20 17:59:37,903 INFO L290 TraceCheckUtils]: 88: Hoare 
triple {11451#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {11451#false} is VALID [2022-02-20 17:59:37,903 INFO L272 TraceCheckUtils]: 89: Hoare triple {11451#false} call setEmailFrom(~msg#1, ~tmp~7#1); {11513#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:37,903 INFO L290 TraceCheckUtils]: 90: Hoare triple {11513#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:37,903 INFO L290 TraceCheckUtils]: 91: Hoare triple {11450#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:37,903 INFO L290 TraceCheckUtils]: 92: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,904 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {11450#true} {11451#false} #1172#return; {11451#false} is VALID [2022-02-20 17:59:37,904 INFO L290 TraceCheckUtils]: 94: Hoare triple {11451#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, 
__utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {11451#false} is VALID [2022-02-20 17:59:37,904 INFO L272 TraceCheckUtils]: 95: Hoare triple {11451#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {11450#true} is VALID [2022-02-20 17:59:37,904 INFO L290 TraceCheckUtils]: 96: Hoare triple {11450#true} ~handle := #in~handle;havoc ~retValue_acc~20; {11450#true} is VALID [2022-02-20 17:59:37,904 INFO L290 TraceCheckUtils]: 97: Hoare triple {11450#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {11450#true} is VALID [2022-02-20 17:59:37,904 INFO L290 TraceCheckUtils]: 98: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,905 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11450#true} {11451#false} #1174#return; {11451#false} is VALID [2022-02-20 17:59:37,905 INFO L290 TraceCheckUtils]: 100: Hoare triple {11451#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {11451#false} is VALID [2022-02-20 17:59:37,905 INFO L290 TraceCheckUtils]: 101: Hoare 
triple {11451#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {11451#false} is VALID [2022-02-20 17:59:37,905 INFO L272 TraceCheckUtils]: 102: Hoare triple {11451#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {11450#true} is VALID [2022-02-20 17:59:37,905 INFO L290 TraceCheckUtils]: 103: Hoare triple {11450#true} ~handle := #in~handle;havoc ~retValue_acc~35; {11450#true} is VALID [2022-02-20 17:59:37,905 INFO L290 TraceCheckUtils]: 104: Hoare triple {11450#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11450#true} is VALID [2022-02-20 17:59:37,905 INFO L290 TraceCheckUtils]: 105: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:37,906 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {11450#true} {11451#false} #1176#return; {11451#false} is VALID [2022-02-20 17:59:37,906 INFO L290 TraceCheckUtils]: 107: Hoare triple {11451#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {11451#false} is VALID [2022-02-20 17:59:37,906 INFO L290 TraceCheckUtils]: 108: Hoare triple {11451#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {11451#false} is VALID [2022-02-20 17:59:37,906 INFO L290 TraceCheckUtils]: 109: Hoare triple {11451#false} assume !false; {11451#false} is VALID [2022-02-20 17:59:37,906 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 17:59:37,907 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:37,907 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1688237604] [2022-02-20 17:59:37,907 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1688237604] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:37,907 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [529102568] [2022-02-20 17:59:37,907 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:37,908 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:37,908 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:37,912 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:37,937 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:59:38,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:38,152 INFO L263 TraceCheckSpWp]: Trace formula consists of 1061 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:59:38,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:38,206 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 0: Hoare triple {11450#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 
0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 1: Hoare triple {11450#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc 
main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {11450#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 3: Hoare triple {11450#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 4: Hoare triple {11450#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 5: Hoare triple {11450#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; 
{11450#true} is VALID [2022-02-20 17:59:38,476 INFO L272 TraceCheckUtils]: 6: Hoare triple {11450#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 7: Hoare triple {11450#true} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 8: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 9: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11450#true} {11450#true} #1208#return; {11450#true} is VALID [2022-02-20 17:59:38,476 INFO L290 TraceCheckUtils]: 11: Hoare triple {11450#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11450#true} is VALID [2022-02-20 17:59:38,477 INFO L272 TraceCheckUtils]: 12: Hoare triple {11450#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11450#true} is VALID [2022-02-20 17:59:38,477 INFO L290 TraceCheckUtils]: 13: Hoare triple {11450#true} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:38,477 INFO L290 TraceCheckUtils]: 14: Hoare triple {11450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:38,477 INFO L290 TraceCheckUtils]: 15: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:38,477 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11450#true} {11450#true} #1210#return; {11450#true} is VALID [2022-02-20 17:59:38,477 INFO L290 TraceCheckUtils]: 17: Hoare triple {11450#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11569#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:38,477 INFO L272 TraceCheckUtils]: 18: Hoare triple {11569#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11450#true} is VALID [2022-02-20 17:59:38,477 INFO L290 TraceCheckUtils]: 19: Hoare triple {11450#true} ~handle := #in~handle;~value := #in~value; {11450#true} is VALID [2022-02-20 17:59:38,478 INFO L290 TraceCheckUtils]: 20: Hoare triple {11450#true} assume !(1 == ~handle); {11450#true} is VALID [2022-02-20 17:59:38,478 INFO L290 TraceCheckUtils]: 21: Hoare triple {11450#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11450#true} is VALID [2022-02-20 17:59:38,478 INFO L290 TraceCheckUtils]: 22: Hoare triple {11450#true} assume true; {11450#true} is VALID [2022-02-20 17:59:38,478 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11450#true} {11569#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1212#return; {11569#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:38,478 INFO L290 TraceCheckUtils]: 24: Hoare triple {11569#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {11569#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:38,478 INFO L272 TraceCheckUtils]: 25: Hoare triple {11569#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11450#true} is VALID [2022-02-20 17:59:38,479 INFO L290 TraceCheckUtils]: 26: Hoare triple {11450#true} ~handle := #in~handle;~value := #in~value; {11597#(<= |setClientPrivateKey_#in~handle| 
setClientPrivateKey_~handle)} is VALID [2022-02-20 17:59:38,479 INFO L290 TraceCheckUtils]: 27: Hoare triple {11597#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11601#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:38,479 INFO L290 TraceCheckUtils]: 28: Hoare triple {11601#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {11601#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:38,480 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11601#(<= |setClientPrivateKey_#in~handle| 1)} {11569#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1214#return; {11451#false} is VALID [2022-02-20 17:59:38,480 INFO L290 TraceCheckUtils]: 30: Hoare triple {11451#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11451#false} is VALID [2022-02-20 17:59:38,480 INFO L272 TraceCheckUtils]: 31: Hoare triple {11451#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11451#false} is VALID [2022-02-20 17:59:38,480 INFO L290 TraceCheckUtils]: 32: Hoare triple {11451#false} ~handle := #in~handle;~value := #in~value; {11451#false} is VALID [2022-02-20 17:59:38,480 INFO L290 TraceCheckUtils]: 33: Hoare triple {11451#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11451#false} is VALID [2022-02-20 17:59:38,480 INFO L290 TraceCheckUtils]: 34: Hoare triple {11451#false} assume true; 
{11451#false} is VALID [2022-02-20 17:59:38,480 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11451#false} {11451#false} #1216#return; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 36: Hoare triple {11451#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L272 TraceCheckUtils]: 37: Hoare triple {11451#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 38: Hoare triple {11451#false} ~handle := #in~handle;~value := #in~value; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 39: Hoare triple {11451#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 40: Hoare triple {11451#false} assume true; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11451#false} {11451#false} #1218#return; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 42: Hoare triple {11451#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 43: Hoare triple {11451#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, 
test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 44: Hoare triple {11451#false} assume !false; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 45: Hoare triple {11451#false} assume test_~splverifierCounter~0#1 < 4; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 46: Hoare triple {11451#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 47: Hoare triple {11451#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 48: Hoare triple {11451#false} assume !(0 != test_~tmp___9~0#1); {11451#false} is VALID [2022-02-20 17:59:38,481 INFO L290 TraceCheckUtils]: 49: Hoare triple {11451#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; 
{11451#false} is VALID [2022-02-20 17:59:38,482 INFO L290 TraceCheckUtils]: 50: Hoare triple {11451#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L290 TraceCheckUtils]: 51: Hoare triple {11451#false} assume !false; {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L290 TraceCheckUtils]: 52: Hoare triple {11451#false} assume !(test_~splverifierCounter~0#1 < 4); {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L290 TraceCheckUtils]: 53: Hoare triple {11451#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L272 TraceCheckUtils]: 54: Hoare triple {11451#false} call sendEmail(~bob~0, ~rjh~0); {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L290 TraceCheckUtils]: 55: Hoare triple {11451#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L272 TraceCheckUtils]: 56: Hoare triple {11451#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L290 TraceCheckUtils]: 57: Hoare triple {11451#false} ~handle := 
#in~handle;~value := #in~value; {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L290 TraceCheckUtils]: 58: Hoare triple {11451#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L290 TraceCheckUtils]: 59: Hoare triple {11451#false} assume true; {11451#false} is VALID [2022-02-20 17:59:38,482 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {11451#false} {11451#false} #1166#return; {11451#false} is VALID [2022-02-20 17:59:38,483 INFO L272 TraceCheckUtils]: 61: Hoare triple {11451#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11451#false} is VALID [2022-02-20 17:59:38,483 INFO L290 TraceCheckUtils]: 62: Hoare triple {11451#false} ~handle := #in~handle;~value := #in~value; {11451#false} is VALID [2022-02-20 17:59:38,483 INFO L290 TraceCheckUtils]: 63: Hoare triple {11451#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11451#false} is VALID [2022-02-20 17:59:38,483 INFO L290 TraceCheckUtils]: 64: Hoare triple {11451#false} assume true; {11451#false} is VALID [2022-02-20 17:59:38,483 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {11451#false} {11451#false} #1168#return; {11451#false} is VALID [2022-02-20 17:59:38,483 INFO L290 TraceCheckUtils]: 66: Hoare triple {11451#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {11451#false} is VALID [2022-02-20 17:59:38,484 INFO L290 TraceCheckUtils]: 67: Hoare triple {11451#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {11451#false} is VALID [2022-02-20 17:59:38,484 INFO L272 TraceCheckUtils]: 68: Hoare triple {11451#false} call outgoing(~sender#1, ~email~0#1); {11451#false} is VALID [2022-02-20 17:59:38,484 INFO L290 TraceCheckUtils]: 69: Hoare triple {11451#false} ~client#1 := #in~client#1;~msg#1 := 
#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {11451#false} is VALID [2022-02-20 17:59:38,484 INFO L272 TraceCheckUtils]: 70: Hoare triple {11451#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {11451#false} is VALID [2022-02-20 17:59:38,484 INFO L290 TraceCheckUtils]: 71: Hoare triple {11451#false} ~handle := #in~handle;havoc ~retValue_acc~35; {11451#false} is VALID [2022-02-20 17:59:38,484 INFO L290 TraceCheckUtils]: 72: Hoare triple {11451#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11451#false} is VALID [2022-02-20 17:59:38,484 INFO L290 TraceCheckUtils]: 73: Hoare triple {11451#false} assume true; {11451#false} is VALID [2022-02-20 17:59:38,485 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {11451#false} {11451#false} #1146#return; {11451#false} is VALID [2022-02-20 17:59:38,485 INFO L290 TraceCheckUtils]: 75: Hoare triple {11451#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {11451#false} is VALID [2022-02-20 17:59:38,485 INFO L290 TraceCheckUtils]: 76: Hoare triple {11451#false} assume 0 == sign_~privkey~0#1; {11451#false} is VALID [2022-02-20 17:59:38,485 INFO L290 TraceCheckUtils]: 77: Hoare triple {11451#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, 
outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {11451#false} is VALID [2022-02-20 17:59:38,485 INFO L272 TraceCheckUtils]: 78: Hoare triple {11451#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {11451#false} is VALID [2022-02-20 17:59:38,485 INFO L290 TraceCheckUtils]: 79: Hoare triple {11451#false} ~handle := #in~handle;havoc ~retValue_acc~29; {11451#false} is VALID [2022-02-20 17:59:38,485 INFO L290 TraceCheckUtils]: 80: Hoare triple {11451#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {11451#false} is VALID [2022-02-20 17:59:38,486 INFO L290 TraceCheckUtils]: 81: Hoare triple {11451#false} assume true; {11451#false} is VALID [2022-02-20 17:59:38,486 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {11451#false} {11451#false} #1148#return; {11451#false} is VALID [2022-02-20 17:59:38,486 INFO L290 TraceCheckUtils]: 83: Hoare triple {11451#false} assume -2147483648 <= 
outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {11451#false} is VALID [2022-02-20 17:59:38,486 INFO L290 TraceCheckUtils]: 84: Hoare triple {11451#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {11451#false} is VALID [2022-02-20 17:59:38,486 INFO L272 TraceCheckUtils]: 85: Hoare triple {11451#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {11451#false} is VALID [2022-02-20 17:59:38,486 INFO L290 TraceCheckUtils]: 86: Hoare triple {11451#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {11451#false} is VALID [2022-02-20 17:59:38,486 INFO L290 TraceCheckUtils]: 87: Hoare triple {11451#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {11451#false} is VALID [2022-02-20 17:59:38,487 INFO L290 TraceCheckUtils]: 88: Hoare triple {11451#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {11451#false} is VALID [2022-02-20 17:59:38,487 INFO L272 TraceCheckUtils]: 89: Hoare triple {11451#false} call setEmailFrom(~msg#1, ~tmp~7#1); {11451#false} is VALID [2022-02-20 17:59:38,487 INFO L290 TraceCheckUtils]: 90: Hoare triple {11451#false} ~handle := #in~handle;~value := #in~value; {11451#false} is VALID [2022-02-20 
17:59:38,487 INFO L290 TraceCheckUtils]: 91: Hoare triple {11451#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11451#false} is VALID [2022-02-20 17:59:38,487 INFO L290 TraceCheckUtils]: 92: Hoare triple {11451#false} assume true; {11451#false} is VALID [2022-02-20 17:59:38,487 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {11451#false} {11451#false} #1172#return; {11451#false} is VALID [2022-02-20 17:59:38,488 INFO L290 TraceCheckUtils]: 94: Hoare triple {11451#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {11451#false} 
is VALID [2022-02-20 17:59:38,488 INFO L272 TraceCheckUtils]: 95: Hoare triple {11451#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {11451#false} is VALID [2022-02-20 17:59:38,488 INFO L290 TraceCheckUtils]: 96: Hoare triple {11451#false} ~handle := #in~handle;havoc ~retValue_acc~20; {11451#false} is VALID [2022-02-20 17:59:38,488 INFO L290 TraceCheckUtils]: 97: Hoare triple {11451#false} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {11451#false} is VALID [2022-02-20 17:59:38,488 INFO L290 TraceCheckUtils]: 98: Hoare triple {11451#false} assume true; {11451#false} is VALID [2022-02-20 17:59:38,488 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11451#false} {11451#false} #1174#return; {11451#false} is VALID [2022-02-20 17:59:38,488 INFO L290 TraceCheckUtils]: 100: Hoare triple {11451#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {11451#false} is VALID [2022-02-20 17:59:38,489 INFO L290 TraceCheckUtils]: 101: Hoare triple {11451#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {11451#false} is VALID [2022-02-20 17:59:38,489 INFO L272 TraceCheckUtils]: 102: Hoare triple {11451#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {11451#false} is VALID [2022-02-20 17:59:38,489 INFO L290 TraceCheckUtils]: 103: Hoare triple {11451#false} ~handle := #in~handle;havoc ~retValue_acc~35; {11451#false} is VALID [2022-02-20 17:59:38,489 INFO L290 TraceCheckUtils]: 104: Hoare triple {11451#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11451#false} is VALID [2022-02-20 17:59:38,489 INFO L290 TraceCheckUtils]: 
105: Hoare triple {11451#false} assume true; {11451#false} is VALID [2022-02-20 17:59:38,489 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {11451#false} {11451#false} #1176#return; {11451#false} is VALID [2022-02-20 17:59:38,489 INFO L290 TraceCheckUtils]: 107: Hoare triple {11451#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {11451#false} is VALID [2022-02-20 17:59:38,490 INFO L290 TraceCheckUtils]: 108: Hoare triple {11451#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {11451#false} is VALID [2022-02-20 17:59:38,490 INFO L290 TraceCheckUtils]: 109: Hoare triple {11451#false} assume !false; {11451#false} is VALID [2022-02-20 17:59:38,490 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2022-02-20 17:59:38,490 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:38,490 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [529102568] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:38,490 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:38,490 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:59:38,490 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1900996529] [2022-02-20 17:59:38,491 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:38,491 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 14.4) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 110 [2022-02-20 17:59:38,491 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:38,492 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 14.4) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:38,564 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:38,564 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:59:38,564 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:38,564 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:59:38,565 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:59:38,565 INFO L87 Difference]: Start difference. First operand 450 states and 701 transitions. 
Second operand has 5 states, 5 states have (on average 14.4) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:39,616 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:39,617 INFO L93 Difference]: Finished difference Result 889 states and 1391 transitions. [2022-02-20 17:59:39,617 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:59:39,617 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.4) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 110 [2022-02-20 17:59:39,617 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:39,618 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 14.4) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:39,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1147 transitions. [2022-02-20 17:59:39,629 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 14.4) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:39,639 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1147 transitions. [2022-02-20 17:59:39,639 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1147 transitions. [2022-02-20 17:59:40,407 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1147 edges. 1147 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:40,425 INFO L225 Difference]: With dead ends: 889 [2022-02-20 17:59:40,425 INFO L226 Difference]: Without dead ends: 452 [2022-02-20 17:59:40,427 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 142 GetRequests, 128 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:59:40,428 INFO L933 BasicCegarLoop]: 568 mSDtfsCounter, 151 mSDsluCounter, 1527 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 174 SdHoareTripleChecker+Valid, 2095 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:40,428 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [174 Valid, 2095 Invalid, 45 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:40,429 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 452 states. [2022-02-20 17:59:40,530 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 452 to 452. [2022-02-20 17:59:40,530 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:40,533 INFO L82 GeneralOperation]: Start isEquivalent. First operand 452 states. Second operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:59:40,534 INFO L74 IsIncluded]: Start isIncluded. First operand 452 states. Second operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:59:40,535 INFO L87 Difference]: Start difference. First operand 452 states. Second operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:59:40,552 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:40,553 INFO L93 Difference]: Finished difference Result 452 states and 707 transitions. 
[2022-02-20 17:59:40,553 INFO L276 IsEmpty]: Start isEmpty. Operand 452 states and 707 transitions. [2022-02-20 17:59:40,555 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:40,555 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:40,556 INFO L74 IsIncluded]: Start isIncluded. First operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) Second operand 452 states. [2022-02-20 17:59:40,558 INFO L87 Difference]: Start difference. First operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) Second operand 452 states. [2022-02-20 17:59:40,578 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:40,578 INFO L93 Difference]: Finished difference Result 452 states and 707 transitions. [2022-02-20 17:59:40,578 INFO L276 IsEmpty]: Start isEmpty. Operand 452 states and 707 transitions. [2022-02-20 17:59:40,580 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:40,580 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:40,580 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:40,580 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:40,582 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:59:40,601 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 452 states to 452 states and 707 transitions. [2022-02-20 17:59:40,602 INFO L78 Accepts]: Start accepts. Automaton has 452 states and 707 transitions. Word has length 110 [2022-02-20 17:59:40,603 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:40,605 INFO L470 AbstractCegarLoop]: Abstraction has 452 states and 707 transitions. [2022-02-20 17:59:40,606 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 14.4) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:40,606 INFO L276 IsEmpty]: Start isEmpty. Operand 452 states and 707 transitions. [2022-02-20 17:59:40,609 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 112 [2022-02-20 17:59:40,609 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:40,610 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:40,638 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:40,823 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:40,823 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:40,824 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:40,824 INFO L85 PathProgramCache]: Analyzing trace with hash 423544596, now seen corresponding path program 1 times [2022-02-20 17:59:40,824 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:40,824 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1292780340] [2022-02-20 17:59:40,824 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:40,824 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:40,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,897 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 6 [2022-02-20 17:59:40,899 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,901 INFO L290 TraceCheckUtils]: 0: Hoare triple {14669#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,901 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,901 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,901 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14612#true} #1208#return; {14612#true} is VALID [2022-02-20 17:59:40,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:40,909 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {14670#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,912 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,912 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14612#true} #1210#return; {14612#true} is VALID [2022-02-20 17:59:40,912 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:40,913 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {14669#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,916 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume !(1 == ~handle); {14612#true} is VALID [2022-02-20 17:59:40,916 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,916 INFO L290 TraceCheckUtils]: 3: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,916 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14612#true} {14612#true} #1212#return; {14612#true} is VALID [2022-02-20 17:59:40,916 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:40,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,920 INFO L290 TraceCheckUtils]: 0: Hoare triple {14670#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,920 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume !(1 == ~handle); {14612#true} is VALID [2022-02-20 17:59:40,920 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,920 INFO L290 TraceCheckUtils]: 3: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,921 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14612#true} 
{14612#true} #1214#return; {14612#true} is VALID [2022-02-20 17:59:40,921 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:40,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,936 INFO L290 TraceCheckUtils]: 0: Hoare triple {14669#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14671#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:40,937 INFO L290 TraceCheckUtils]: 1: Hoare triple {14671#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14672#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:40,937 INFO L290 TraceCheckUtils]: 2: Hoare triple {14672#(= |setClientId_#in~handle| 1)} assume true; {14672#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:40,938 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14672#(= |setClientId_#in~handle| 1)} {14632#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1216#return; {14613#false} is VALID [2022-02-20 17:59:40,938 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:40,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {14670#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14612#true} is VALID 
[2022-02-20 17:59:40,942 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,942 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14613#false} #1218#return; {14613#false} is VALID [2022-02-20 17:59:40,949 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:59:40,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {14673#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,952 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,952 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,953 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14613#false} #1166#return; {14613#false} is VALID [2022-02-20 17:59:40,960 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:59:40,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,963 INFO L290 TraceCheckUtils]: 0: Hoare triple {14674#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,963 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,963 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14613#false} #1168#return; {14613#false} is VALID 
[2022-02-20 17:59:40,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:59:40,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {14612#true} ~handle := #in~handle;havoc ~retValue_acc~35; {14612#true} is VALID [2022-02-20 17:59:40,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {14612#true} is VALID [2022-02-20 17:59:40,966 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,966 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14613#false} #1146#return; {14613#false} is VALID [2022-02-20 17:59:40,966 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:59:40,967 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {14612#true} ~handle := #in~handle;havoc ~retValue_acc~29; {14612#true} is VALID [2022-02-20 17:59:40,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {14612#true} is VALID [2022-02-20 17:59:40,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,969 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14613#false} #1148#return; {14613#false} is VALID [2022-02-20 17:59:40,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:59:40,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {14673#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,973 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14613#false} #1172#return; {14613#false} is VALID [2022-02-20 17:59:40,973 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:59:40,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,976 INFO L290 TraceCheckUtils]: 0: Hoare triple {14612#true} ~handle := #in~handle;havoc ~retValue_acc~20; {14612#true} is VALID [2022-02-20 17:59:40,976 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {14612#true} is VALID [2022-02-20 17:59:40,976 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,976 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14613#false} #1174#return; {14613#false} is VALID [2022-02-20 17:59:40,976 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:59:40,977 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:40,978 INFO L290 TraceCheckUtils]: 0: Hoare triple {14612#true} ~handle := #in~handle;havoc ~retValue_acc~35; {14612#true} is VALID [2022-02-20 17:59:40,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {14612#true} is VALID [2022-02-20 17:59:40,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume true; 
{14612#true} is VALID [2022-02-20 17:59:40,979 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14612#true} {14613#false} #1176#return; {14613#false} is VALID [2022-02-20 17:59:40,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {14612#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 
2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {14612#true} is VALID [2022-02-20 17:59:40,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {14612#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {14612#true} is VALID [2022-02-20 17:59:40,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {14612#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14612#true} is VALID [2022-02-20 17:59:40,980 INFO L290 TraceCheckUtils]: 3: Hoare triple {14612#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {14612#true} is VALID [2022-02-20 17:59:40,980 INFO L290 TraceCheckUtils]: 4: Hoare triple {14612#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {14612#true} is VALID [2022-02-20 17:59:40,980 INFO L290 TraceCheckUtils]: 5: Hoare triple {14612#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14612#true} is VALID [2022-02-20 17:59:40,981 INFO L272 TraceCheckUtils]: 6: Hoare triple {14612#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14669#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:40,981 INFO L290 TraceCheckUtils]: 7: Hoare triple {14669#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,981 INFO L290 TraceCheckUtils]: 8: Hoare triple {14612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,981 INFO L290 TraceCheckUtils]: 9: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,981 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14612#true} {14612#true} #1208#return; {14612#true} is VALID [2022-02-20 17:59:40,981 INFO L290 TraceCheckUtils]: 11: Hoare triple {14612#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14612#true} is VALID [2022-02-20 17:59:40,982 INFO L272 TraceCheckUtils]: 12: Hoare triple {14612#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14670#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:40,982 INFO L290 TraceCheckUtils]: 13: Hoare triple {14670#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,982 INFO L290 TraceCheckUtils]: 14: Hoare triple {14612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,982 INFO L290 TraceCheckUtils]: 15: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,983 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14612#true} {14612#true} #1210#return; {14612#true} is VALID [2022-02-20 17:59:40,983 INFO L290 TraceCheckUtils]: 17: Hoare triple {14612#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14612#true} is VALID [2022-02-20 17:59:40,983 INFO L272 TraceCheckUtils]: 18: Hoare triple {14612#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14669#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:40,983 INFO L290 TraceCheckUtils]: 19: Hoare triple {14669#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,984 INFO L290 
TraceCheckUtils]: 20: Hoare triple {14612#true} assume !(1 == ~handle); {14612#true} is VALID [2022-02-20 17:59:40,984 INFO L290 TraceCheckUtils]: 21: Hoare triple {14612#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,984 INFO L290 TraceCheckUtils]: 22: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,984 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14612#true} {14612#true} #1212#return; {14612#true} is VALID [2022-02-20 17:59:40,984 INFO L290 TraceCheckUtils]: 24: Hoare triple {14612#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14612#true} is VALID [2022-02-20 17:59:40,985 INFO L272 TraceCheckUtils]: 25: Hoare triple {14612#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14670#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:40,985 INFO L290 TraceCheckUtils]: 26: Hoare triple {14670#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,985 INFO L290 TraceCheckUtils]: 27: Hoare triple {14612#true} assume !(1 == ~handle); {14612#true} is VALID [2022-02-20 17:59:40,985 INFO L290 TraceCheckUtils]: 28: Hoare triple {14612#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,985 INFO L290 TraceCheckUtils]: 29: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,986 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14612#true} {14612#true} #1214#return; {14612#true} is VALID [2022-02-20 17:59:40,986 INFO L290 TraceCheckUtils]: 31: Hoare triple 
{14612#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14632#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:40,987 INFO L272 TraceCheckUtils]: 32: Hoare triple {14632#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14669#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:40,987 INFO L290 TraceCheckUtils]: 33: Hoare triple {14669#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14671#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:40,987 INFO L290 TraceCheckUtils]: 34: Hoare triple {14671#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14672#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:40,988 INFO L290 TraceCheckUtils]: 35: Hoare triple {14672#(= |setClientId_#in~handle| 1)} assume true; {14672#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:40,988 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {14672#(= 
|setClientId_#in~handle| 1)} {14632#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1216#return; {14613#false} is VALID [2022-02-20 17:59:40,989 INFO L290 TraceCheckUtils]: 37: Hoare triple {14613#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {14613#false} is VALID [2022-02-20 17:59:40,989 INFO L272 TraceCheckUtils]: 38: Hoare triple {14613#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14670#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:40,989 INFO L290 TraceCheckUtils]: 39: Hoare triple {14670#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,989 INFO L290 TraceCheckUtils]: 40: Hoare triple {14612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,989 INFO L290 TraceCheckUtils]: 41: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,989 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {14612#true} {14613#false} #1218#return; {14613#false} is VALID [2022-02-20 17:59:40,989 INFO L290 TraceCheckUtils]: 43: Hoare triple {14613#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {14613#false} is VALID [2022-02-20 17:59:40,990 INFO L290 TraceCheckUtils]: 44: Hoare triple {14613#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, 
test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14613#false} is VALID [2022-02-20 17:59:40,990 INFO L290 TraceCheckUtils]: 45: Hoare triple {14613#false} assume !false; {14613#false} is VALID [2022-02-20 17:59:40,990 INFO L290 TraceCheckUtils]: 46: Hoare triple {14613#false} assume test_~splverifierCounter~0#1 < 4; {14613#false} is VALID [2022-02-20 17:59:40,990 INFO L290 TraceCheckUtils]: 47: Hoare triple {14613#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14613#false} is VALID [2022-02-20 17:59:40,990 INFO L290 TraceCheckUtils]: 48: Hoare triple {14613#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {14613#false} is VALID [2022-02-20 17:59:40,990 INFO 
L290 TraceCheckUtils]: 49: Hoare triple {14613#false} assume !(0 != test_~tmp___9~0#1); {14613#false} is VALID [2022-02-20 17:59:40,990 INFO L290 TraceCheckUtils]: 50: Hoare triple {14613#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {14613#false} is VALID [2022-02-20 17:59:40,990 INFO L290 TraceCheckUtils]: 51: Hoare triple {14613#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {14613#false} is VALID [2022-02-20 17:59:40,991 INFO L290 TraceCheckUtils]: 52: Hoare triple {14613#false} assume !false; {14613#false} is VALID [2022-02-20 17:59:40,991 INFO L290 TraceCheckUtils]: 53: Hoare triple {14613#false} assume !(test_~splverifierCounter~0#1 < 4); {14613#false} is VALID [2022-02-20 17:59:40,991 INFO L290 TraceCheckUtils]: 54: Hoare triple {14613#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {14613#false} is VALID [2022-02-20 17:59:40,991 INFO L272 TraceCheckUtils]: 55: Hoare triple {14613#false} call sendEmail(~bob~0, ~rjh~0); {14613#false} is VALID [2022-02-20 17:59:40,991 INFO L290 TraceCheckUtils]: 56: Hoare triple {14613#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc 
createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14613#false} is VALID [2022-02-20 17:59:40,991 INFO L272 TraceCheckUtils]: 57: Hoare triple {14613#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14673#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:40,991 INFO L290 TraceCheckUtils]: 58: Hoare triple {14673#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,992 INFO L290 TraceCheckUtils]: 59: Hoare triple {14612#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,992 INFO L290 TraceCheckUtils]: 60: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,992 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {14612#true} {14613#false} #1166#return; {14613#false} is VALID [2022-02-20 17:59:40,992 INFO L272 TraceCheckUtils]: 62: Hoare triple {14613#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {14674#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:40,992 INFO L290 TraceCheckUtils]: 63: Hoare triple {14674#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,992 INFO L290 TraceCheckUtils]: 64: Hoare triple {14612#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,992 INFO L290 TraceCheckUtils]: 65: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,993 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {14612#true} {14613#false} #1168#return; {14613#false} is VALID [2022-02-20 17:59:40,993 INFO 
L290 TraceCheckUtils]: 67: Hoare triple {14613#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {14613#false} is VALID [2022-02-20 17:59:40,993 INFO L290 TraceCheckUtils]: 68: Hoare triple {14613#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {14613#false} is VALID [2022-02-20 17:59:40,993 INFO L272 TraceCheckUtils]: 69: Hoare triple {14613#false} call outgoing(~sender#1, ~email~0#1); {14613#false} is VALID [2022-02-20 17:59:40,993 INFO L290 TraceCheckUtils]: 70: Hoare triple {14613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {14613#false} is VALID [2022-02-20 17:59:40,993 INFO L272 TraceCheckUtils]: 71: Hoare triple {14613#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {14612#true} is VALID [2022-02-20 17:59:40,993 INFO L290 TraceCheckUtils]: 72: Hoare triple {14612#true} ~handle := #in~handle;havoc ~retValue_acc~35; {14612#true} is VALID [2022-02-20 17:59:40,994 INFO L290 TraceCheckUtils]: 73: Hoare triple {14612#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {14612#true} is VALID [2022-02-20 17:59:40,994 INFO L290 TraceCheckUtils]: 74: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,994 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {14612#true} {14613#false} #1146#return; {14613#false} is VALID [2022-02-20 17:59:40,994 INFO L290 TraceCheckUtils]: 76: Hoare triple {14613#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 
2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {14613#false} is VALID [2022-02-20 17:59:40,994 INFO L290 TraceCheckUtils]: 77: Hoare triple {14613#false} assume 0 == sign_~privkey~0#1; {14613#false} is VALID [2022-02-20 17:59:40,994 INFO L290 TraceCheckUtils]: 78: Hoare triple {14613#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {14613#false} is VALID [2022-02-20 17:59:40,995 INFO L272 TraceCheckUtils]: 79: Hoare triple {14613#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {14612#true} is VALID [2022-02-20 17:59:40,995 INFO L290 
TraceCheckUtils]: 80: Hoare triple {14612#true} ~handle := #in~handle;havoc ~retValue_acc~29; {14612#true} is VALID [2022-02-20 17:59:40,995 INFO L290 TraceCheckUtils]: 81: Hoare triple {14612#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {14612#true} is VALID [2022-02-20 17:59:40,995 INFO L290 TraceCheckUtils]: 82: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,995 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {14612#true} {14613#false} #1148#return; {14613#false} is VALID [2022-02-20 17:59:40,995 INFO L290 TraceCheckUtils]: 84: Hoare triple {14613#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {14613#false} is VALID [2022-02-20 17:59:40,995 INFO L290 TraceCheckUtils]: 85: Hoare triple {14613#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {14613#false} is VALID [2022-02-20 17:59:40,996 INFO L272 TraceCheckUtils]: 86: Hoare triple {14613#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {14613#false} is VALID [2022-02-20 17:59:40,996 INFO L290 TraceCheckUtils]: 87: Hoare triple {14613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {14613#false} is VALID [2022-02-20 17:59:40,996 INFO L290 TraceCheckUtils]: 88: Hoare triple {14613#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := 
~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {14613#false} is VALID [2022-02-20 17:59:40,996 INFO L290 TraceCheckUtils]: 89: Hoare triple {14613#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {14613#false} is VALID [2022-02-20 17:59:40,996 INFO L272 TraceCheckUtils]: 90: Hoare triple {14613#false} call setEmailFrom(~msg#1, ~tmp~7#1); {14673#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:40,996 INFO L290 TraceCheckUtils]: 91: Hoare triple {14673#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14612#true} is VALID [2022-02-20 17:59:40,996 INFO L290 TraceCheckUtils]: 92: Hoare triple {14612#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14612#true} is VALID [2022-02-20 17:59:40,997 INFO L290 TraceCheckUtils]: 93: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,997 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {14612#true} {14613#false} #1172#return; {14613#false} is VALID [2022-02-20 17:59:40,997 INFO L290 TraceCheckUtils]: 95: Hoare triple {14613#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, 
__utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {14613#false} is VALID [2022-02-20 17:59:40,997 INFO L272 TraceCheckUtils]: 96: Hoare triple {14613#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {14612#true} is VALID [2022-02-20 17:59:40,997 INFO L290 TraceCheckUtils]: 97: Hoare triple {14612#true} ~handle := #in~handle;havoc ~retValue_acc~20; {14612#true} is VALID [2022-02-20 17:59:40,997 INFO L290 TraceCheckUtils]: 98: Hoare triple {14612#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {14612#true} is VALID [2022-02-20 17:59:40,997 INFO L290 TraceCheckUtils]: 99: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,998 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {14612#true} {14613#false} #1174#return; {14613#false} is VALID [2022-02-20 17:59:40,998 INFO L290 TraceCheckUtils]: 101: Hoare triple {14613#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 
2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {14613#false} is VALID [2022-02-20 17:59:40,998 INFO L290 TraceCheckUtils]: 102: Hoare triple {14613#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {14613#false} is VALID [2022-02-20 17:59:40,998 INFO L272 TraceCheckUtils]: 103: Hoare triple {14613#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {14612#true} is VALID [2022-02-20 17:59:40,998 INFO L290 TraceCheckUtils]: 104: Hoare triple {14612#true} ~handle := #in~handle;havoc ~retValue_acc~35; {14612#true} is VALID [2022-02-20 17:59:40,998 INFO L290 TraceCheckUtils]: 105: Hoare triple {14612#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {14612#true} is VALID [2022-02-20 17:59:40,998 INFO L290 TraceCheckUtils]: 106: Hoare triple {14612#true} assume true; {14612#true} is VALID [2022-02-20 17:59:40,999 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {14612#true} {14613#false} #1176#return; {14613#false} is VALID [2022-02-20 17:59:40,999 INFO L290 TraceCheckUtils]: 108: Hoare triple {14613#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {14613#false} is VALID [2022-02-20 17:59:40,999 INFO L290 TraceCheckUtils]: 109: Hoare triple {14613#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {14613#false} is VALID [2022-02-20 17:59:40,999 INFO L290 TraceCheckUtils]: 110: Hoare triple {14613#false} assume !false; {14613#false} is VALID [2022-02-20 17:59:40,999 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 0 refuted. 
0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:41,000 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:41,000 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1292780340] [2022-02-20 17:59:41,000 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1292780340] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:41,001 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:41,001 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:59:41,001 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1742749454] [2022-02-20 17:59:41,001 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:41,002 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 111 [2022-02-20 17:59:41,002 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:41,002 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:41,080 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:41,081 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:59:41,081 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:41,081 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:59:41,082 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:41,082 INFO L87 Difference]: Start difference. First operand 452 states and 707 transitions. Second operand has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:49,070 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:49,070 INFO L93 Difference]: Finished difference Result 1059 states and 1677 transitions. [2022-02-20 17:59:49,070 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:59:49,070 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 111 [2022-02-20 17:59:49,071 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:49,072 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:49,097 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1425 transitions. [2022-02-20 17:59:49,098 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:49,115 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1425 transitions. [2022-02-20 17:59:49,115 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1425 transitions. [2022-02-20 17:59:50,376 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1425 edges. 1425 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:50,408 INFO L225 Difference]: With dead ends: 1059 [2022-02-20 17:59:50,409 INFO L226 Difference]: Without dead ends: 630 [2022-02-20 17:59:50,411 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:59:50,411 INFO L933 BasicCegarLoop]: 712 mSDtfsCounter, 1421 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2440 mSolverCounterSat, 514 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1442 SdHoareTripleChecker+Valid, 1698 SdHoareTripleChecker+Invalid, 2954 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 514 IncrementalHoareTripleChecker+Valid, 2440 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:50,412 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1442 Valid, 1698 Invalid, 2954 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [514 Valid, 2440 Invalid, 0 Unknown, 0 Unchecked, 3.6s Time] [2022-02-20 17:59:50,413 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 630 states. [2022-02-20 17:59:50,514 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 630 to 452. [2022-02-20 17:59:50,515 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:50,516 INFO L82 GeneralOperation]: Start isEquivalent. First operand 630 states. 
Second operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) [2022-02-20 17:59:50,517 INFO L74 IsIncluded]: Start isIncluded. First operand 630 states. Second operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) [2022-02-20 17:59:50,518 INFO L87 Difference]: Start difference. First operand 630 states. Second operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) [2022-02-20 17:59:50,548 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:50,549 INFO L93 Difference]: Finished difference Result 630 states and 1001 transitions. [2022-02-20 17:59:50,549 INFO L276 IsEmpty]: Start isEmpty. Operand 630 states and 1001 transitions. [2022-02-20 17:59:50,553 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:50,553 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:50,555 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) Second operand 630 states. [2022-02-20 17:59:50,556 INFO L87 Difference]: Start difference. First operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) Second operand 630 states. [2022-02-20 17:59:50,586 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:50,587 INFO L93 Difference]: Finished difference Result 630 states and 1001 transitions. [2022-02-20 17:59:50,587 INFO L276 IsEmpty]: Start isEmpty. Operand 630 states and 1001 transitions. [2022-02-20 17:59:50,591 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:50,591 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:50,591 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:50,592 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:50,593 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 452 states, 357 states have (on average 1.5714285714285714) internal successors, (561), 361 states have internal predecessors, (561), 70 states have call successors, (70), 22 states have call predecessors, (70), 24 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) [2022-02-20 17:59:50,615 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 452 states to 452 states and 706 transitions. [2022-02-20 17:59:50,615 INFO L78 Accepts]: Start accepts. Automaton has 452 states and 706 transitions. Word has length 111 [2022-02-20 17:59:50,615 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:50,615 INFO L470 AbstractCegarLoop]: Abstraction has 452 states and 706 transitions. [2022-02-20 17:59:50,616 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:50,616 INFO L276 IsEmpty]: Start isEmpty. Operand 452 states and 706 transitions. [2022-02-20 17:59:50,618 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 113 [2022-02-20 17:59:50,618 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:50,618 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:50,618 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:59:50,618 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:50,619 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:50,619 INFO L85 PathProgramCache]: Analyzing trace with hash -834371797, now seen corresponding path program 2 times [2022-02-20 17:59:50,619 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:50,619 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1089184134] [2022-02-20 17:59:50,619 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:50,620 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:50,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,729 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:50,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,733 INFO L290 TraceCheckUtils]: 0: Hoare triple {18124#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,733 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,733 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,734 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18066#true} #1208#return; {18066#true} is VALID [2022-02-20 17:59:50,740 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:50,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,743 INFO L290 TraceCheckUtils]: 0: Hoare triple {18125#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,744 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18066#true} #1210#return; {18066#true} is VALID [2022-02-20 17:59:50,744 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:50,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,755 INFO L290 TraceCheckUtils]: 0: Hoare triple {18124#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,755 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume !(1 == ~handle); {18066#true} is VALID [2022-02-20 17:59:50,755 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,755 INFO L290 TraceCheckUtils]: 3: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,755 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18066#true} {18066#true} #1212#return; {18066#true} is VALID [2022-02-20 17:59:50,755 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:50,757 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,761 INFO L290 TraceCheckUtils]: 0: Hoare triple {18125#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,761 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume !(1 == ~handle); {18066#true} is VALID [2022-02-20 17:59:50,761 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,761 INFO L290 TraceCheckUtils]: 3: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,761 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18066#true} {18066#true} #1214#return; {18066#true} is VALID [2022-02-20 17:59:50,763 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:50,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {18124#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18126#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:50,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {18126#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18126#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:50,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {18126#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18127#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:50,785 INFO L290 TraceCheckUtils]: 3: Hoare triple {18127#(= 2 |setClientId_#in~handle|)} assume true; {18127#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:50,786 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18127#(= 2 |setClientId_#in~handle|)} 
{18086#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1216#return; {18067#false} is VALID [2022-02-20 17:59:50,786 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:59:50,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {18125#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,792 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,792 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18067#false} #1218#return; {18067#false} is VALID [2022-02-20 17:59:50,798 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:50,799 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,802 INFO L290 TraceCheckUtils]: 0: Hoare triple {18128#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,802 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,802 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18067#false} #1166#return; {18067#false} is VALID [2022-02-20 17:59:50,809 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:59:50,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,813 INFO L290 TraceCheckUtils]: 0: Hoare triple {18129#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,813 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,814 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,814 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18067#false} #1168#return; {18067#false} is VALID [2022-02-20 17:59:50,814 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:59:50,815 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,818 INFO L290 TraceCheckUtils]: 0: Hoare triple {18066#true} ~handle := #in~handle;havoc ~retValue_acc~35; {18066#true} is VALID [2022-02-20 17:59:50,818 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {18066#true} is VALID [2022-02-20 17:59:50,818 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,818 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18067#false} #1146#return; {18067#false} is VALID [2022-02-20 17:59:50,819 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:59:50,820 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,822 INFO L290 TraceCheckUtils]: 0: Hoare triple {18066#true} ~handle := #in~handle;havoc ~retValue_acc~29; {18066#true} is 
VALID [2022-02-20 17:59:50,822 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {18066#true} is VALID [2022-02-20 17:59:50,822 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,822 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18067#false} #1148#return; {18067#false} is VALID [2022-02-20 17:59:50,822 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:59:50,823 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,825 INFO L290 TraceCheckUtils]: 0: Hoare triple {18128#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,825 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,825 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,826 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18067#false} #1172#return; {18067#false} is VALID [2022-02-20 17:59:50,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:59:50,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,830 INFO L290 TraceCheckUtils]: 0: Hoare triple {18066#true} ~handle := #in~handle;havoc ~retValue_acc~20; {18066#true} is VALID [2022-02-20 17:59:50,831 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {18066#true} is VALID [2022-02-20 17:59:50,831 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; 
{18066#true} is VALID [2022-02-20 17:59:50,831 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18067#false} #1174#return; {18067#false} is VALID [2022-02-20 17:59:50,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 17:59:50,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:50,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {18066#true} ~handle := #in~handle;havoc ~retValue_acc~35; {18066#true} is VALID [2022-02-20 17:59:50,836 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {18066#true} is VALID [2022-02-20 17:59:50,836 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,836 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18066#true} {18067#false} #1176#return; {18067#false} is VALID [2022-02-20 17:59:50,836 INFO L290 TraceCheckUtils]: 0: Hoare triple {18066#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call 
#Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 
0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {18066#true} is VALID [2022-02-20 17:59:50,836 INFO L290 TraceCheckUtils]: 1: Hoare triple {18066#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {18066#true} is VALID [2022-02-20 17:59:50,837 INFO L290 TraceCheckUtils]: 2: Hoare triple {18066#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18066#true} is VALID [2022-02-20 17:59:50,837 INFO L290 TraceCheckUtils]: 3: Hoare triple {18066#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {18066#true} is VALID [2022-02-20 17:59:50,837 INFO L290 TraceCheckUtils]: 4: Hoare triple {18066#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {18066#true} is VALID [2022-02-20 17:59:50,837 
INFO L290 TraceCheckUtils]: 5: Hoare triple {18066#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18066#true} is VALID [2022-02-20 17:59:50,838 INFO L272 TraceCheckUtils]: 6: Hoare triple {18066#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18124#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:50,838 INFO L290 TraceCheckUtils]: 7: Hoare triple {18124#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,838 INFO L290 TraceCheckUtils]: 8: Hoare triple {18066#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,838 INFO L290 TraceCheckUtils]: 9: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 
17:59:50,838 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18066#true} {18066#true} #1208#return; {18066#true} is VALID [2022-02-20 17:59:50,839 INFO L290 TraceCheckUtils]: 11: Hoare triple {18066#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18066#true} is VALID [2022-02-20 17:59:50,839 INFO L272 TraceCheckUtils]: 12: Hoare triple {18066#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18125#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:50,839 INFO L290 TraceCheckUtils]: 13: Hoare triple {18125#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,839 INFO L290 TraceCheckUtils]: 14: Hoare triple {18066#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,840 INFO L290 TraceCheckUtils]: 15: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,840 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18066#true} {18066#true} #1210#return; {18066#true} is VALID [2022-02-20 17:59:50,840 INFO L290 TraceCheckUtils]: 17: Hoare triple {18066#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {18066#true} is VALID [2022-02-20 17:59:50,841 INFO L272 TraceCheckUtils]: 18: Hoare triple {18066#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18124#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:50,841 INFO L290 TraceCheckUtils]: 19: Hoare triple {18124#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,841 INFO L290 TraceCheckUtils]: 20: Hoare triple {18066#true} assume !(1 == ~handle); {18066#true} is VALID [2022-02-20 17:59:50,841 INFO L290 TraceCheckUtils]: 21: Hoare triple {18066#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,841 INFO L290 TraceCheckUtils]: 22: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,841 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18066#true} {18066#true} #1212#return; {18066#true} is VALID [2022-02-20 17:59:50,841 INFO L290 TraceCheckUtils]: 24: Hoare triple {18066#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18066#true} is VALID [2022-02-20 17:59:50,842 INFO L272 TraceCheckUtils]: 25: Hoare triple {18066#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18125#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:50,842 INFO L290 TraceCheckUtils]: 26: Hoare triple {18125#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,842 INFO L290 TraceCheckUtils]: 27: Hoare triple {18066#true} assume !(1 == ~handle); {18066#true} is VALID [2022-02-20 17:59:50,843 INFO L290 TraceCheckUtils]: 28: Hoare triple {18066#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,843 INFO L290 TraceCheckUtils]: 29: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,843 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18066#true} {18066#true} #1214#return; {18066#true} is VALID [2022-02-20 17:59:50,843 INFO L290 TraceCheckUtils]: 31: Hoare triple {18066#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18086#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:50,844 INFO L272 TraceCheckUtils]: 32: Hoare triple {18086#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18124#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 
17:59:50,844 INFO L290 TraceCheckUtils]: 33: Hoare triple {18124#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18126#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:50,845 INFO L290 TraceCheckUtils]: 34: Hoare triple {18126#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18126#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:50,845 INFO L290 TraceCheckUtils]: 35: Hoare triple {18126#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18127#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:50,845 INFO L290 TraceCheckUtils]: 36: Hoare triple {18127#(= 2 |setClientId_#in~handle|)} assume true; {18127#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:50,846 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {18127#(= 2 |setClientId_#in~handle|)} {18086#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1216#return; {18067#false} is VALID [2022-02-20 17:59:50,846 INFO L290 TraceCheckUtils]: 38: Hoare triple {18067#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {18067#false} is VALID [2022-02-20 17:59:50,846 INFO L272 TraceCheckUtils]: 39: Hoare triple {18067#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18125#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:50,846 INFO L290 TraceCheckUtils]: 40: Hoare triple {18125#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,847 INFO L290 TraceCheckUtils]: 41: Hoare triple {18066#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,847 INFO L290 TraceCheckUtils]: 42: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,847 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {18066#true} {18067#false} #1218#return; {18067#false} is VALID [2022-02-20 17:59:50,847 INFO L290 TraceCheckUtils]: 44: Hoare triple {18067#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {18067#false} is VALID [2022-02-20 17:59:50,847 INFO L290 TraceCheckUtils]: 45: Hoare triple {18067#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc 
test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18067#false} is VALID [2022-02-20 17:59:50,847 INFO L290 TraceCheckUtils]: 46: Hoare triple {18067#false} assume !false; {18067#false} is VALID [2022-02-20 17:59:50,847 INFO L290 TraceCheckUtils]: 47: Hoare triple {18067#false} assume test_~splverifierCounter~0#1 < 4; {18067#false} is VALID [2022-02-20 17:59:50,848 INFO L290 TraceCheckUtils]: 48: Hoare triple {18067#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18067#false} is VALID [2022-02-20 17:59:50,848 INFO L290 TraceCheckUtils]: 49: Hoare triple {18067#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {18067#false} is VALID [2022-02-20 17:59:50,848 INFO L290 TraceCheckUtils]: 50: Hoare triple {18067#false} assume !(0 != test_~tmp___9~0#1); {18067#false} is VALID [2022-02-20 17:59:50,848 INFO L290 TraceCheckUtils]: 51: Hoare triple {18067#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {18067#false} is VALID [2022-02-20 17:59:50,848 INFO L290 TraceCheckUtils]: 52: Hoare triple {18067#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18067#false} is VALID [2022-02-20 17:59:50,848 INFO L290 TraceCheckUtils]: 53: Hoare triple {18067#false} assume !false; {18067#false} is VALID [2022-02-20 17:59:50,848 INFO L290 TraceCheckUtils]: 54: Hoare triple {18067#false} assume !(test_~splverifierCounter~0#1 < 4); {18067#false} is VALID [2022-02-20 17:59:50,849 INFO L290 TraceCheckUtils]: 55: Hoare triple {18067#false} assume { 
:begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {18067#false} is VALID [2022-02-20 17:59:50,849 INFO L272 TraceCheckUtils]: 56: Hoare triple {18067#false} call sendEmail(~bob~0, ~rjh~0); {18067#false} is VALID [2022-02-20 17:59:50,849 INFO L290 TraceCheckUtils]: 57: Hoare triple {18067#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18067#false} is VALID [2022-02-20 17:59:50,849 INFO L272 TraceCheckUtils]: 58: Hoare triple {18067#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18128#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:50,849 INFO L290 TraceCheckUtils]: 59: Hoare triple {18128#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,849 INFO L290 TraceCheckUtils]: 60: Hoare triple {18066#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,850 INFO L290 TraceCheckUtils]: 61: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 
17:59:50,850 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {18066#true} {18067#false} #1166#return; {18067#false} is VALID [2022-02-20 17:59:50,850 INFO L272 TraceCheckUtils]: 63: Hoare triple {18067#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {18129#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:50,850 INFO L290 TraceCheckUtils]: 64: Hoare triple {18129#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID [2022-02-20 17:59:50,850 INFO L290 TraceCheckUtils]: 65: Hoare triple {18066#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,850 INFO L290 TraceCheckUtils]: 66: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,850 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {18066#true} {18067#false} #1168#return; {18067#false} is VALID [2022-02-20 17:59:50,851 INFO L290 TraceCheckUtils]: 68: Hoare triple {18067#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {18067#false} is VALID [2022-02-20 17:59:50,851 INFO L290 TraceCheckUtils]: 69: Hoare triple {18067#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {18067#false} is VALID [2022-02-20 17:59:50,851 INFO L272 TraceCheckUtils]: 70: Hoare triple {18067#false} call outgoing(~sender#1, ~email~0#1); {18067#false} is VALID [2022-02-20 17:59:50,851 INFO L290 TraceCheckUtils]: 71: Hoare triple {18067#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, 
sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {18067#false} is VALID [2022-02-20 17:59:50,851 INFO L272 TraceCheckUtils]: 72: Hoare triple {18067#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {18066#true} is VALID [2022-02-20 17:59:50,851 INFO L290 TraceCheckUtils]: 73: Hoare triple {18066#true} ~handle := #in~handle;havoc ~retValue_acc~35; {18066#true} is VALID [2022-02-20 17:59:50,851 INFO L290 TraceCheckUtils]: 74: Hoare triple {18066#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {18066#true} is VALID [2022-02-20 17:59:50,852 INFO L290 TraceCheckUtils]: 75: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,852 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18066#true} {18067#false} #1146#return; {18067#false} is VALID [2022-02-20 17:59:50,852 INFO L290 TraceCheckUtils]: 77: Hoare triple {18067#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {18067#false} is VALID [2022-02-20 17:59:50,852 INFO L290 TraceCheckUtils]: 78: Hoare triple {18067#false} assume 0 == sign_~privkey~0#1; {18067#false} is VALID [2022-02-20 17:59:50,852 INFO L290 TraceCheckUtils]: 79: Hoare triple {18067#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, 
outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {18067#false} is VALID [2022-02-20 17:59:50,852 INFO L272 TraceCheckUtils]: 80: Hoare triple {18067#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {18066#true} is VALID [2022-02-20 17:59:50,853 INFO L290 TraceCheckUtils]: 81: Hoare triple {18066#true} ~handle := #in~handle;havoc ~retValue_acc~29; {18066#true} is VALID [2022-02-20 17:59:50,853 INFO L290 TraceCheckUtils]: 82: Hoare triple {18066#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {18066#true} is VALID [2022-02-20 17:59:50,853 INFO L290 TraceCheckUtils]: 83: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,853 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {18066#true} {18067#false} #1148#return; {18067#false} is VALID [2022-02-20 17:59:50,853 INFO L290 TraceCheckUtils]: 85: Hoare triple {18067#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc 
outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {18067#false} is VALID [2022-02-20 17:59:50,853 INFO L290 TraceCheckUtils]: 86: Hoare triple {18067#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {18067#false} is VALID [2022-02-20 17:59:50,853 INFO L272 TraceCheckUtils]: 87: Hoare triple {18067#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {18067#false} is VALID [2022-02-20 17:59:50,854 INFO L290 TraceCheckUtils]: 88: Hoare triple {18067#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {18067#false} is VALID [2022-02-20 17:59:50,854 INFO L290 TraceCheckUtils]: 89: Hoare triple {18067#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {18067#false} is VALID [2022-02-20 17:59:50,854 INFO L290 TraceCheckUtils]: 90: Hoare triple {18067#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {18067#false} is VALID [2022-02-20 17:59:50,854 INFO L272 TraceCheckUtils]: 91: Hoare triple {18067#false} call setEmailFrom(~msg#1, ~tmp~7#1); {18128#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:50,854 INFO L290 TraceCheckUtils]: 92: Hoare triple {18128#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18066#true} is VALID 
[2022-02-20 17:59:50,854 INFO L290 TraceCheckUtils]: 93: Hoare triple {18066#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18066#true} is VALID [2022-02-20 17:59:50,854 INFO L290 TraceCheckUtils]: 94: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,855 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {18066#true} {18067#false} #1172#return; {18067#false} is VALID [2022-02-20 17:59:50,855 INFO L290 TraceCheckUtils]: 96: Hoare triple {18067#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; 
{18067#false} is VALID [2022-02-20 17:59:50,855 INFO L272 TraceCheckUtils]: 97: Hoare triple {18067#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {18066#true} is VALID [2022-02-20 17:59:50,855 INFO L290 TraceCheckUtils]: 98: Hoare triple {18066#true} ~handle := #in~handle;havoc ~retValue_acc~20; {18066#true} is VALID [2022-02-20 17:59:50,855 INFO L290 TraceCheckUtils]: 99: Hoare triple {18066#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {18066#true} is VALID [2022-02-20 17:59:50,855 INFO L290 TraceCheckUtils]: 100: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,855 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {18066#true} {18067#false} #1174#return; {18067#false} is VALID [2022-02-20 17:59:50,856 INFO L290 TraceCheckUtils]: 102: Hoare triple {18067#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {18067#false} is VALID [2022-02-20 17:59:50,856 INFO L290 TraceCheckUtils]: 103: Hoare triple {18067#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {18067#false} is VALID [2022-02-20 17:59:50,856 INFO L272 TraceCheckUtils]: 104: Hoare triple {18067#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {18066#true} is VALID [2022-02-20 17:59:50,856 INFO L290 TraceCheckUtils]: 105: Hoare triple {18066#true} ~handle := #in~handle;havoc ~retValue_acc~35; {18066#true} is VALID [2022-02-20 17:59:50,856 INFO L290 TraceCheckUtils]: 106: Hoare triple {18066#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {18066#true} is VALID [2022-02-20 17:59:50,856 INFO L290 
TraceCheckUtils]: 107: Hoare triple {18066#true} assume true; {18066#true} is VALID [2022-02-20 17:59:50,857 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {18066#true} {18067#false} #1176#return; {18067#false} is VALID [2022-02-20 17:59:50,857 INFO L290 TraceCheckUtils]: 109: Hoare triple {18067#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {18067#false} is VALID [2022-02-20 17:59:50,857 INFO L290 TraceCheckUtils]: 110: Hoare triple {18067#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {18067#false} is VALID [2022-02-20 17:59:50,857 INFO L290 TraceCheckUtils]: 111: Hoare triple {18067#false} assume !false; {18067#false} is VALID [2022-02-20 17:59:50,857 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:50,858 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:50,858 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1089184134] [2022-02-20 17:59:50,858 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1089184134] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:50,858 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:59:50,858 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:59:50,858 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1803235578] [2022-02-20 17:59:50,858 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:50,859 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.625) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112 [2022-02-20 17:59:50,860 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:50,860 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.625) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:50,929 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 98 edges. 98 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:50,929 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:59:50,929 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:50,930 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. 
[2022-02-20 17:59:50,930 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:50,930 INFO L87 Difference]: Start difference. First operand 452 states and 706 transitions. Second operand has 9 states, 8 states have (on average 8.625) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:58,606 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:58,607 INFO L93 Difference]: Finished difference Result 1061 states and 1680 transitions. [2022-02-20 17:59:58,607 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:59:58,607 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.625) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112 [2022-02-20 17:59:58,608 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:58,608 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.625) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:58,624 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1426 transitions. 
[2022-02-20 17:59:58,624 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.625) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:58,640 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1426 transitions. [2022-02-20 17:59:58,640 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1426 transitions. [2022-02-20 17:59:59,915 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1426 edges. 1426 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:59,937 INFO L225 Difference]: With dead ends: 1061 [2022-02-20 17:59:59,938 INFO L226 Difference]: Without dead ends: 632 [2022-02-20 17:59:59,939 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:59:59,940 INFO L933 BasicCegarLoop]: 711 mSDtfsCounter, 1417 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2425 mSolverCounterSat, 528 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1438 SdHoareTripleChecker+Valid, 1697 SdHoareTripleChecker+Invalid, 2953 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 528 IncrementalHoareTripleChecker+Valid, 2425 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.4s IncrementalHoareTripleChecker+Time [2022-02-20 
17:59:59,940 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1438 Valid, 1697 Invalid, 2953 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [528 Valid, 2425 Invalid, 0 Unknown, 0 Unchecked, 3.4s Time] [2022-02-20 17:59:59,941 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 632 states. [2022-02-20 18:00:00,048 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 632 to 454. [2022-02-20 18:00:00,048 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:00,049 INFO L82 GeneralOperation]: Start isEquivalent. First operand 632 states. Second operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) [2022-02-20 18:00:00,050 INFO L74 IsIncluded]: Start isIncluded. First operand 632 states. Second operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) [2022-02-20 18:00:00,051 INFO L87 Difference]: Start difference. First operand 632 states. Second operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) [2022-02-20 18:00:00,084 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:00:00,084 INFO L93 Difference]: Finished difference Result 632 states and 1004 transitions. [2022-02-20 18:00:00,084 INFO L276 IsEmpty]: Start isEmpty. Operand 632 states and 1004 transitions. [2022-02-20 18:00:00,088 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:00,088 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:00,089 INFO L74 IsIncluded]: Start isIncluded. First operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) Second operand 632 states. [2022-02-20 18:00:00,091 INFO L87 Difference]: Start difference. First operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) Second operand 632 states. [2022-02-20 18:00:00,121 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:00,121 INFO L93 Difference]: Finished difference Result 632 states and 1004 transitions. [2022-02-20 18:00:00,121 INFO L276 IsEmpty]: Start isEmpty. Operand 632 states and 1004 transitions. [2022-02-20 18:00:00,125 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:00,125 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:00,126 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:00,126 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:00,133 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) [2022-02-20 18:00:00,152 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 454 states to 454 states and 709 transitions. [2022-02-20 18:00:00,153 INFO L78 Accepts]: Start accepts. Automaton has 454 states and 709 transitions. Word has length 112 [2022-02-20 18:00:00,153 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:00,153 INFO L470 AbstractCegarLoop]: Abstraction has 454 states and 709 transitions. [2022-02-20 18:00:00,154 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.625) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (16), 6 states have call predecessors, (16), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:00:00,154 INFO L276 IsEmpty]: Start isEmpty. Operand 454 states and 709 transitions. [2022-02-20 18:00:00,156 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 114 [2022-02-20 18:00:00,157 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:00,157 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:00,157 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:00:00,158 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:00,158 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:00,158 INFO L85 PathProgramCache]: Analyzing trace with hash -1107410311, now seen corresponding path program 1 times [2022-02-20 18:00:00,158 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:00,158 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [399398282] [2022-02-20 18:00:00,159 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:00,159 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:00,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,229 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:00,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {21589#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,251 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,251 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,251 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21529#true} {21529#true} #1208#return; {21529#true} is VALID [2022-02-20 18:00:00,258 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:00,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,261 INFO L290 TraceCheckUtils]: 0: Hoare triple {21590#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,261 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,262 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21529#true} {21529#true} #1210#return; {21529#true} is VALID [2022-02-20 18:00:00,262 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:00,263 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,268 INFO L290 TraceCheckUtils]: 0: Hoare triple {21589#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,268 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume !(1 == ~handle); {21529#true} is VALID [2022-02-20 18:00:00,268 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,268 INFO L290 TraceCheckUtils]: 3: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,268 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21529#true} {21529#true} #1212#return; {21529#true} is VALID [2022-02-20 18:00:00,269 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:00,270 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,273 INFO L290 TraceCheckUtils]: 0: Hoare triple {21590#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,273 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume !(1 == ~handle); {21529#true} is VALID [2022-02-20 18:00:00,273 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,273 INFO L290 TraceCheckUtils]: 3: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,273 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21529#true} {21529#true} #1214#return; {21529#true} is VALID [2022-02-20 18:00:00,274 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:00,276 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:00:00,297 INFO L290 TraceCheckUtils]: 0: Hoare triple {21589#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21591#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,298 INFO L290 TraceCheckUtils]: 1: Hoare triple {21591#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21591#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,298 INFO L290 TraceCheckUtils]: 2: Hoare triple {21591#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21591#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,298 INFO L290 TraceCheckUtils]: 3: Hoare triple {21591#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21592#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,299 INFO L290 TraceCheckUtils]: 4: Hoare triple {21592#(= 3 |setClientId_#in~handle|)} assume true; {21592#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,299 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21592#(= 3 |setClientId_#in~handle|)} {21549#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1216#return; {21556#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:00,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:00,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,318 INFO L290 TraceCheckUtils]: 0: Hoare triple {21590#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21593#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:00,319 INFO L290 TraceCheckUtils]: 1: Hoare triple {21593#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21594#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:00,319 INFO L290 TraceCheckUtils]: 2: Hoare triple {21594#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21594#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:00,320 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21594#(= |setClientPrivateKey_#in~handle| 1)} {21556#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1218#return; {21530#false} is VALID [2022-02-20 18:00:00,329 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:00:00,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,332 INFO L290 TraceCheckUtils]: 0: Hoare triple {21595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,333 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,333 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,333 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21529#true} {21530#false} #1166#return; {21530#false} is VALID [2022-02-20 18:00:00,343 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:00:00,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,347 INFO L290 TraceCheckUtils]: 0: Hoare triple {21596#(and (= 
~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,347 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,347 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,347 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21529#true} {21530#false} #1168#return; {21530#false} is VALID [2022-02-20 18:00:00,347 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:00:00,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {21529#true} ~handle := #in~handle;havoc ~retValue_acc~35; {21529#true} is VALID [2022-02-20 18:00:00,352 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {21529#true} is VALID [2022-02-20 18:00:00,353 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,353 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21529#true} {21530#false} #1146#return; {21530#false} is VALID [2022-02-20 18:00:00,354 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:00:00,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,358 INFO L290 TraceCheckUtils]: 0: Hoare triple {21529#true} ~handle := #in~handle;havoc ~retValue_acc~29; {21529#true} is VALID [2022-02-20 18:00:00,358 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {21529#true} is VALID [2022-02-20 18:00:00,358 INFO L290 TraceCheckUtils]: 
2: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,358 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21529#true} {21530#false} #1148#return; {21530#false} is VALID [2022-02-20 18:00:00,358 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:00:00,359 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {21595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,361 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,361 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,361 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21529#true} {21530#false} #1172#return; {21530#false} is VALID [2022-02-20 18:00:00,361 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:00:00,362 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {21529#true} ~handle := #in~handle;havoc ~retValue_acc~20; {21529#true} is VALID [2022-02-20 18:00:00,364 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {21529#true} is VALID [2022-02-20 18:00:00,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,364 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21529#true} {21530#false} #1174#return; {21530#false} is VALID [2022-02-20 18:00:00,364 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 105 [2022-02-20 18:00:00,366 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,368 INFO L290 TraceCheckUtils]: 0: Hoare triple {21529#true} ~handle := #in~handle;havoc ~retValue_acc~35; {21529#true} is VALID [2022-02-20 18:00:00,368 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {21529#true} is VALID [2022-02-20 18:00:00,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,369 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21529#true} {21530#false} #1176#return; {21530#false} is VALID [2022-02-20 18:00:00,369 INFO L290 TraceCheckUtils]: 0: Hoare triple {21529#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call 
#Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {21529#true} is VALID [2022-02-20 18:00:00,369 INFO L290 TraceCheckUtils]: 1: Hoare triple {21529#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {21529#true} is VALID [2022-02-20 18:00:00,369 INFO L290 TraceCheckUtils]: 2: Hoare triple {21529#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21529#true} is VALID [2022-02-20 18:00:00,369 INFO L290 TraceCheckUtils]: 3: Hoare triple {21529#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {21529#true} is VALID [2022-02-20 18:00:00,369 INFO L290 TraceCheckUtils]: 4: Hoare triple {21529#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {21529#true} is VALID [2022-02-20 18:00:00,370 INFO L290 TraceCheckUtils]: 5: Hoare triple {21529#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21529#true} is VALID [2022-02-20 18:00:00,370 INFO L272 TraceCheckUtils]: 6: Hoare triple {21529#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21589#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:00,370 INFO L290 TraceCheckUtils]: 7: Hoare triple {21589#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,371 INFO L290 TraceCheckUtils]: 8: Hoare triple {21529#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,371 INFO L290 TraceCheckUtils]: 9: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,371 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21529#true} {21529#true} #1208#return; {21529#true} is VALID [2022-02-20 18:00:00,371 INFO L290 TraceCheckUtils]: 11: Hoare triple {21529#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21529#true} is 
VALID [2022-02-20 18:00:00,372 INFO L272 TraceCheckUtils]: 12: Hoare triple {21529#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21590#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:00,372 INFO L290 TraceCheckUtils]: 13: Hoare triple {21590#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,372 INFO L290 TraceCheckUtils]: 14: Hoare triple {21529#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,372 INFO L290 TraceCheckUtils]: 15: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,372 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21529#true} {21529#true} #1210#return; {21529#true} is VALID [2022-02-20 18:00:00,372 INFO L290 TraceCheckUtils]: 17: Hoare triple {21529#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21529#true} is VALID [2022-02-20 18:00:00,373 INFO L272 TraceCheckUtils]: 18: Hoare triple {21529#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21589#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:00,373 INFO L290 TraceCheckUtils]: 19: Hoare triple {21589#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,379 INFO L290 TraceCheckUtils]: 20: Hoare triple {21529#true} assume !(1 == ~handle); {21529#true} is VALID [2022-02-20 18:00:00,379 INFO L290 TraceCheckUtils]: 21: Hoare triple {21529#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,379 INFO L290 TraceCheckUtils]: 22: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,380 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21529#true} {21529#true} #1212#return; {21529#true} is VALID [2022-02-20 18:00:00,380 INFO L290 TraceCheckUtils]: 24: Hoare triple {21529#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21529#true} is VALID [2022-02-20 18:00:00,381 INFO L272 TraceCheckUtils]: 25: Hoare triple {21529#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21590#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:00,381 INFO L290 TraceCheckUtils]: 26: Hoare triple {21590#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,381 INFO L290 TraceCheckUtils]: 27: Hoare triple 
{21529#true} assume !(1 == ~handle); {21529#true} is VALID [2022-02-20 18:00:00,381 INFO L290 TraceCheckUtils]: 28: Hoare triple {21529#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,381 INFO L290 TraceCheckUtils]: 29: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,381 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21529#true} {21529#true} #1214#return; {21529#true} is VALID [2022-02-20 18:00:00,382 INFO L290 TraceCheckUtils]: 31: Hoare triple {21529#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21549#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:00,383 INFO L272 TraceCheckUtils]: 32: Hoare triple {21549#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21589#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:00,383 INFO L290 TraceCheckUtils]: 33: Hoare triple {21589#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21591#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,383 INFO L290 TraceCheckUtils]: 34: Hoare triple {21591#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21591#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,384 INFO L290 TraceCheckUtils]: 35: Hoare triple {21591#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21591#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,384 INFO L290 TraceCheckUtils]: 36: Hoare triple {21591#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21592#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,384 INFO L290 TraceCheckUtils]: 37: Hoare triple {21592#(= 3 |setClientId_#in~handle|)} assume true; {21592#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,385 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21592#(= 3 |setClientId_#in~handle|)} {21549#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1216#return; {21556#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:00,385 INFO L290 TraceCheckUtils]: 39: Hoare triple {21556#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21556#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:00,386 INFO L272 TraceCheckUtils]: 40: Hoare triple {21556#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21590#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID 
[2022-02-20 18:00:00,386 INFO L290 TraceCheckUtils]: 41: Hoare triple {21590#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21593#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:00,387 INFO L290 TraceCheckUtils]: 42: Hoare triple {21593#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21594#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:00,387 INFO L290 TraceCheckUtils]: 43: Hoare triple {21594#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21594#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:00,388 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {21594#(= |setClientPrivateKey_#in~handle| 1)} {21556#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1218#return; {21530#false} is VALID [2022-02-20 18:00:00,388 INFO L290 TraceCheckUtils]: 45: Hoare triple {21530#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {21530#false} is VALID [2022-02-20 18:00:00,388 INFO L290 TraceCheckUtils]: 46: Hoare triple {21530#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, 
test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21530#false} is VALID [2022-02-20 18:00:00,388 INFO L290 TraceCheckUtils]: 47: Hoare triple {21530#false} assume !false; {21530#false} is VALID [2022-02-20 18:00:00,388 INFO L290 TraceCheckUtils]: 48: Hoare triple {21530#false} assume test_~splverifierCounter~0#1 < 4; {21530#false} is VALID [2022-02-20 18:00:00,388 INFO L290 TraceCheckUtils]: 49: Hoare triple {21530#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21530#false} is VALID [2022-02-20 18:00:00,388 INFO L290 TraceCheckUtils]: 50: Hoare triple {21530#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {21530#false} is VALID [2022-02-20 18:00:00,389 INFO L290 TraceCheckUtils]: 51: Hoare triple {21530#false} assume !(0 != test_~tmp___9~0#1); {21530#false} is VALID [2022-02-20 18:00:00,389 INFO L290 TraceCheckUtils]: 52: Hoare triple {21530#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; 
{21530#false} is VALID [2022-02-20 18:00:00,389 INFO L290 TraceCheckUtils]: 53: Hoare triple {21530#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {21530#false} is VALID [2022-02-20 18:00:00,389 INFO L290 TraceCheckUtils]: 54: Hoare triple {21530#false} assume !false; {21530#false} is VALID [2022-02-20 18:00:00,389 INFO L290 TraceCheckUtils]: 55: Hoare triple {21530#false} assume !(test_~splverifierCounter~0#1 < 4); {21530#false} is VALID [2022-02-20 18:00:00,389 INFO L290 TraceCheckUtils]: 56: Hoare triple {21530#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {21530#false} is VALID [2022-02-20 18:00:00,389 INFO L272 TraceCheckUtils]: 57: Hoare triple {21530#false} call sendEmail(~bob~0, ~rjh~0); {21530#false} is VALID [2022-02-20 18:00:00,390 INFO L290 TraceCheckUtils]: 58: Hoare triple {21530#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21530#false} is VALID [2022-02-20 18:00:00,390 INFO L272 TraceCheckUtils]: 59: Hoare triple {21530#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID 
[2022-02-20 18:00:00,390 INFO L290 TraceCheckUtils]: 60: Hoare triple {21595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,390 INFO L290 TraceCheckUtils]: 61: Hoare triple {21529#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,390 INFO L290 TraceCheckUtils]: 62: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,390 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {21529#true} {21530#false} #1166#return; {21530#false} is VALID [2022-02-20 18:00:00,390 INFO L272 TraceCheckUtils]: 64: Hoare triple {21530#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21596#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:00,391 INFO L290 TraceCheckUtils]: 65: Hoare triple {21596#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,391 INFO L290 TraceCheckUtils]: 66: Hoare triple {21529#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,391 INFO L290 TraceCheckUtils]: 67: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,391 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {21529#true} {21530#false} #1168#return; {21530#false} is VALID [2022-02-20 18:00:00,391 INFO L290 TraceCheckUtils]: 69: Hoare triple {21530#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {21530#false} is VALID [2022-02-20 18:00:00,391 INFO L290 TraceCheckUtils]: 70: Hoare triple {21530#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && 
#t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {21530#false} is VALID [2022-02-20 18:00:00,391 INFO L272 TraceCheckUtils]: 71: Hoare triple {21530#false} call outgoing(~sender#1, ~email~0#1); {21530#false} is VALID [2022-02-20 18:00:00,392 INFO L290 TraceCheckUtils]: 72: Hoare triple {21530#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {21530#false} is VALID [2022-02-20 18:00:00,392 INFO L272 TraceCheckUtils]: 73: Hoare triple {21530#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {21529#true} is VALID [2022-02-20 18:00:00,392 INFO L290 TraceCheckUtils]: 74: Hoare triple {21529#true} ~handle := #in~handle;havoc ~retValue_acc~35; {21529#true} is VALID [2022-02-20 18:00:00,392 INFO L290 TraceCheckUtils]: 75: Hoare triple {21529#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {21529#true} is VALID [2022-02-20 18:00:00,392 INFO L290 TraceCheckUtils]: 76: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,392 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {21529#true} {21530#false} #1146#return; {21530#false} is VALID [2022-02-20 18:00:00,392 INFO L290 TraceCheckUtils]: 78: Hoare triple {21530#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {21530#false} is VALID [2022-02-20 18:00:00,393 INFO L290 TraceCheckUtils]: 79: Hoare triple {21530#false} assume 0 == sign_~privkey~0#1; {21530#false} is VALID [2022-02-20 18:00:00,393 INFO L290 TraceCheckUtils]: 80: Hoare triple {21530#false} assume { :end_inline_sign } 
true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {21530#false} is VALID [2022-02-20 18:00:00,393 INFO L272 TraceCheckUtils]: 81: Hoare triple {21530#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {21529#true} is VALID [2022-02-20 18:00:00,393 INFO L290 TraceCheckUtils]: 82: Hoare triple {21529#true} ~handle := #in~handle;havoc ~retValue_acc~29; {21529#true} is VALID [2022-02-20 18:00:00,393 INFO L290 TraceCheckUtils]: 83: Hoare triple {21529#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {21529#true} is VALID [2022-02-20 18:00:00,393 INFO L290 TraceCheckUtils]: 84: 
Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,393 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {21529#true} {21530#false} #1148#return; {21530#false} is VALID [2022-02-20 18:00:00,394 INFO L290 TraceCheckUtils]: 86: Hoare triple {21530#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {21530#false} is VALID [2022-02-20 18:00:00,394 INFO L290 TraceCheckUtils]: 87: Hoare triple {21530#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {21530#false} is VALID [2022-02-20 18:00:00,394 INFO L272 TraceCheckUtils]: 88: Hoare triple {21530#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {21530#false} is VALID [2022-02-20 18:00:00,394 INFO L290 TraceCheckUtils]: 89: Hoare triple {21530#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {21530#false} is VALID [2022-02-20 18:00:00,394 INFO L290 TraceCheckUtils]: 90: Hoare triple {21530#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {21530#false} is VALID [2022-02-20 18:00:00,394 INFO L290 TraceCheckUtils]: 91: Hoare triple {21530#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {21530#false} is VALID [2022-02-20 
18:00:00,394 INFO L272 TraceCheckUtils]: 92: Hoare triple {21530#false} call setEmailFrom(~msg#1, ~tmp~7#1); {21595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:00,395 INFO L290 TraceCheckUtils]: 93: Hoare triple {21595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21529#true} is VALID [2022-02-20 18:00:00,395 INFO L290 TraceCheckUtils]: 94: Hoare triple {21529#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21529#true} is VALID [2022-02-20 18:00:00,395 INFO L290 TraceCheckUtils]: 95: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,395 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {21529#true} {21530#false} #1172#return; {21530#false} is VALID [2022-02-20 18:00:00,395 INFO L290 TraceCheckUtils]: 97: Hoare triple {21530#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, 
__utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; {21530#false} is VALID [2022-02-20 18:00:00,395 INFO L272 TraceCheckUtils]: 98: Hoare triple {21530#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {21529#true} is VALID [2022-02-20 18:00:00,396 INFO L290 TraceCheckUtils]: 99: Hoare triple {21529#true} ~handle := #in~handle;havoc ~retValue_acc~20; {21529#true} is VALID [2022-02-20 18:00:00,396 INFO L290 TraceCheckUtils]: 100: Hoare triple {21529#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {21529#true} is VALID [2022-02-20 18:00:00,396 INFO L290 TraceCheckUtils]: 101: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,396 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {21529#true} {21530#false} #1174#return; {21530#false} is VALID [2022-02-20 18:00:00,396 INFO L290 TraceCheckUtils]: 103: Hoare triple {21530#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {21530#false} is VALID [2022-02-20 18:00:00,396 INFO L290 TraceCheckUtils]: 104: Hoare triple {21530#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {21530#false} is VALID [2022-02-20 18:00:00,396 INFO L272 TraceCheckUtils]: 105: Hoare 
triple {21530#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {21529#true} is VALID [2022-02-20 18:00:00,397 INFO L290 TraceCheckUtils]: 106: Hoare triple {21529#true} ~handle := #in~handle;havoc ~retValue_acc~35; {21529#true} is VALID [2022-02-20 18:00:00,397 INFO L290 TraceCheckUtils]: 107: Hoare triple {21529#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {21529#true} is VALID [2022-02-20 18:00:00,397 INFO L290 TraceCheckUtils]: 108: Hoare triple {21529#true} assume true; {21529#true} is VALID [2022-02-20 18:00:00,397 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {21529#true} {21530#false} #1176#return; {21530#false} is VALID [2022-02-20 18:00:00,397 INFO L290 TraceCheckUtils]: 110: Hoare triple {21530#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {21530#false} is VALID [2022-02-20 18:00:00,397 INFO L290 TraceCheckUtils]: 111: Hoare triple {21530#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {21530#false} is VALID [2022-02-20 18:00:00,397 INFO L290 TraceCheckUtils]: 112: Hoare triple {21530#false} assume !false; {21530#false} is VALID [2022-02-20 18:00:00,398 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:00:00,398 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:00,398 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [399398282] [2022-02-20 18:00:00,398 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [399398282] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:00,398 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:00,399 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:00:00,399 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [438109272] [2022-02-20 18:00:00,399 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:00,399 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 113 [2022-02-20 18:00:00,400 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:00,400 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:00,484 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:00,485 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:00:00,485 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:00,486 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:00:00,486 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:00:00,486 INFO L87 Difference]: Start difference. First operand 454 states and 709 transitions. Second operand has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:11,553 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:11,553 INFO L93 Difference]: Finished difference Result 1059 states and 1675 transitions. [2022-02-20 18:00:11,553 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:00:11,554 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 113 [2022-02-20 18:00:11,554 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:11,554 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:11,569 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1427 transitions. [2022-02-20 18:00:11,570 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:11,585 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1427 transitions. [2022-02-20 18:00:11,585 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1427 transitions. [2022-02-20 18:00:12,939 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1427 edges. 1427 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:12,974 INFO L225 Difference]: With dead ends: 1059 [2022-02-20 18:00:12,975 INFO L226 Difference]: Without dead ends: 632 [2022-02-20 18:00:12,977 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:00:12,977 INFO L933 BasicCegarLoop]: 698 mSDtfsCounter, 1554 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 4364 mSolverCounterSat, 585 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 5.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1554 SdHoareTripleChecker+Valid, 2064 SdHoareTripleChecker+Invalid, 4949 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 585 IncrementalHoareTripleChecker+Valid, 4364 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 5.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:12,978 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1554 Valid, 2064 Invalid, 4949 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [585 Valid, 4364 Invalid, 0 Unknown, 0 Unchecked, 5.2s Time] [2022-02-20 18:00:12,979 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 632 states. [2022-02-20 18:00:13,085 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 632 to 454. [2022-02-20 18:00:13,085 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:13,086 INFO L82 GeneralOperation]: Start isEquivalent. First operand 632 states. 
Second operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 18:00:13,087 INFO L74 IsIncluded]: Start isIncluded. First operand 632 states. Second operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 18:00:13,089 INFO L87 Difference]: Start difference. First operand 632 states. Second operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 18:00:13,120 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:13,120 INFO L93 Difference]: Finished difference Result 632 states and 1003 transitions. [2022-02-20 18:00:13,120 INFO L276 IsEmpty]: Start isEmpty. Operand 632 states and 1003 transitions. [2022-02-20 18:00:13,125 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:13,125 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:13,126 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) Second operand 632 states. [2022-02-20 18:00:13,127 INFO L87 Difference]: Start difference. First operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) Second operand 632 states. [2022-02-20 18:00:13,156 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:13,157 INFO L93 Difference]: Finished difference Result 632 states and 1003 transitions. [2022-02-20 18:00:13,157 INFO L276 IsEmpty]: Start isEmpty. Operand 632 states and 1003 transitions. [2022-02-20 18:00:13,161 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:13,161 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:13,161 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:13,161 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:13,162 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 454 states, 358 states have (on average 1.5698324022346368) internal successors, (562), 363 states have internal predecessors, (562), 70 states have call successors, (70), 22 states have call predecessors, (70), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 18:00:13,181 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 454 states to 454 states and 708 transitions. [2022-02-20 18:00:13,181 INFO L78 Accepts]: Start accepts. Automaton has 454 states and 708 transitions. Word has length 113 [2022-02-20 18:00:13,181 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:13,182 INFO L470 AbstractCegarLoop]: Abstraction has 454 states and 708 transitions. [2022-02-20 18:00:13,182 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:13,182 INFO L276 IsEmpty]: Start isEmpty. Operand 454 states and 708 transitions. [2022-02-20 18:00:13,185 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 115 [2022-02-20 18:00:13,185 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:13,185 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:13,185 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:00:13,186 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:13,186 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:13,186 INFO L85 PathProgramCache]: Analyzing trace with hash 1255533047, now seen corresponding path program 2 times [2022-02-20 
18:00:13,186 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:13,186 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1441567959] [2022-02-20 18:00:13,187 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:13,187 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:13,214 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,253 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:13,255 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,257 INFO L290 TraceCheckUtils]: 0: Hoare triple {25062#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,257 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,257 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,258 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25001#true} {25001#true} #1208#return; {25001#true} is VALID [2022-02-20 18:00:13,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:13,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,269 INFO L290 TraceCheckUtils]: 0: Hoare triple {25063#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,269 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,269 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25001#true} {25001#true} #1210#return; {25001#true} is VALID [2022-02-20 18:00:13,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:13,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {25062#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume !(1 == ~handle); {25001#true} is VALID [2022-02-20 18:00:13,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,274 INFO L290 TraceCheckUtils]: 3: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,274 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25001#true} {25001#true} #1212#return; {25001#true} is VALID [2022-02-20 18:00:13,275 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:13,276 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,278 INFO L290 TraceCheckUtils]: 0: Hoare triple {25063#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,279 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume !(1 == ~handle); {25001#true} is VALID [2022-02-20 18:00:13,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,279 INFO L290 TraceCheckUtils]: 3: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,279 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25001#true} {25001#true} #1214#return; {25001#true} is VALID [2022-02-20 18:00:13,279 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:13,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {25062#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25064#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {25064#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25064#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,306 INFO L290 TraceCheckUtils]: 2: Hoare triple {25064#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25064#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,307 INFO L290 TraceCheckUtils]: 3: Hoare triple {25064#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25065#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,307 
INFO L290 TraceCheckUtils]: 4: Hoare triple {25065#(= 3 |setClientId_#in~handle|)} assume true; {25065#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,308 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25065#(= 3 |setClientId_#in~handle|)} {25021#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1216#return; {25028#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:13,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:13,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {25063#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25066#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:13,329 INFO L290 TraceCheckUtils]: 1: Hoare triple {25066#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {25066#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:13,330 INFO L290 TraceCheckUtils]: 2: Hoare triple {25066#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25067#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:13,330 INFO L290 TraceCheckUtils]: 3: Hoare triple {25067#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {25067#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:13,330 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25067#(= 2 |setClientPrivateKey_#in~handle|)} {25028#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1218#return; {25002#false} is VALID [2022-02-20 
18:00:13,339 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:00:13,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,342 INFO L290 TraceCheckUtils]: 0: Hoare triple {25068#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,342 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,343 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,343 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25001#true} {25002#false} #1166#return; {25002#false} is VALID [2022-02-20 18:00:13,352 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:00:13,353 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,355 INFO L290 TraceCheckUtils]: 0: Hoare triple {25069#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,355 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,355 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,355 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25001#true} {25002#false} #1168#return; {25002#false} is VALID [2022-02-20 18:00:13,356 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:00:13,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,358 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {25001#true} ~handle := #in~handle;havoc ~retValue_acc~35; {25001#true} is VALID [2022-02-20 18:00:13,359 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {25001#true} is VALID [2022-02-20 18:00:13,359 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,359 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25001#true} {25002#false} #1146#return; {25002#false} is VALID [2022-02-20 18:00:13,359 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:00:13,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {25001#true} ~handle := #in~handle;havoc ~retValue_acc~29; {25001#true} is VALID [2022-02-20 18:00:13,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {25001#true} is VALID [2022-02-20 18:00:13,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,364 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25001#true} {25002#false} #1148#return; {25002#false} is VALID [2022-02-20 18:00:13,364 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:00:13,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,369 INFO L290 TraceCheckUtils]: 0: Hoare triple {25068#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,370 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25001#true} is VALID [2022-02-20 
18:00:13,370 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,370 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25001#true} {25002#false} #1172#return; {25002#false} is VALID [2022-02-20 18:00:13,370 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:00:13,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,374 INFO L290 TraceCheckUtils]: 0: Hoare triple {25001#true} ~handle := #in~handle;havoc ~retValue_acc~20; {25001#true} is VALID [2022-02-20 18:00:13,374 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {25001#true} is VALID [2022-02-20 18:00:13,374 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,374 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25001#true} {25002#false} #1174#return; {25002#false} is VALID [2022-02-20 18:00:13,375 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:00:13,376 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:13,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {25001#true} ~handle := #in~handle;havoc ~retValue_acc~35; {25001#true} is VALID [2022-02-20 18:00:13,378 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {25001#true} is VALID [2022-02-20 18:00:13,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,378 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25001#true} {25002#false} #1176#return; {25002#false} is VALID [2022-02-20 18:00:13,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {25001#true} assume { :begin_inline_ULTIMATE.init } 
true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(13, 38);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 
0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {25001#true} is VALID [2022-02-20 18:00:13,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {25001#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret72#1, main_~retValue_acc~23#1, main_~tmp~15#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~15#1;assume { :begin_inline_select_helpers } true; {25001#true} is VALID [2022-02-20 18:00:13,379 
INFO L290 TraceCheckUtils]: 2: Hoare triple {25001#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25001#true} is VALID [2022-02-20 18:00:13,379 INFO L290 TraceCheckUtils]: 3: Hoare triple {25001#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {25001#true} is VALID [2022-02-20 18:00:13,379 INFO L290 TraceCheckUtils]: 4: Hoare triple {25001#true} main_#t~ret72#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret72#1 && main_#t~ret72#1 <= 2147483647;main_~tmp~15#1 := main_#t~ret72#1;havoc main_#t~ret72#1; {25001#true} is VALID [2022-02-20 18:00:13,379 INFO L290 TraceCheckUtils]: 5: Hoare triple {25001#true} assume 0 != main_~tmp~15#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet69#1, setup_#t~nondet70#1, setup_#t~nondet71#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25001#true} is VALID [2022-02-20 18:00:13,380 INFO L272 TraceCheckUtils]: 6: Hoare triple {25001#true} call 
setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25062#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:13,380 INFO L290 TraceCheckUtils]: 7: Hoare triple {25062#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,380 INFO L290 TraceCheckUtils]: 8: Hoare triple {25001#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,380 INFO L290 TraceCheckUtils]: 9: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,381 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {25001#true} {25001#true} #1208#return; {25001#true} is VALID [2022-02-20 18:00:13,381 INFO L290 TraceCheckUtils]: 11: Hoare triple {25001#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25001#true} is VALID [2022-02-20 18:00:13,381 INFO L272 TraceCheckUtils]: 12: Hoare triple {25001#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25063#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:13,382 INFO L290 TraceCheckUtils]: 13: Hoare triple {25063#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,382 INFO L290 TraceCheckUtils]: 14: Hoare 
triple {25001#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,382 INFO L290 TraceCheckUtils]: 15: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,382 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25001#true} {25001#true} #1210#return; {25001#true} is VALID [2022-02-20 18:00:13,382 INFO L290 TraceCheckUtils]: 17: Hoare triple {25001#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet69#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25001#true} is VALID [2022-02-20 18:00:13,383 INFO L272 TraceCheckUtils]: 18: Hoare triple {25001#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25062#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:13,383 INFO L290 TraceCheckUtils]: 19: Hoare triple {25062#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,383 INFO L290 TraceCheckUtils]: 20: Hoare triple {25001#true} assume !(1 == ~handle); {25001#true} is VALID [2022-02-20 18:00:13,384 INFO L290 TraceCheckUtils]: 21: Hoare triple {25001#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; 
{25001#true} is VALID [2022-02-20 18:00:13,384 INFO L290 TraceCheckUtils]: 22: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,384 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25001#true} {25001#true} #1212#return; {25001#true} is VALID [2022-02-20 18:00:13,384 INFO L290 TraceCheckUtils]: 24: Hoare triple {25001#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25001#true} is VALID [2022-02-20 18:00:13,385 INFO L272 TraceCheckUtils]: 25: Hoare triple {25001#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25063#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:13,385 INFO L290 TraceCheckUtils]: 26: Hoare triple {25063#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,385 INFO L290 TraceCheckUtils]: 27: Hoare triple {25001#true} assume !(1 == ~handle); {25001#true} is VALID [2022-02-20 18:00:13,385 INFO L290 TraceCheckUtils]: 28: Hoare triple {25001#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,385 INFO L290 TraceCheckUtils]: 29: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,385 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25001#true} {25001#true} #1214#return; {25001#true} is VALID [2022-02-20 18:00:13,386 INFO L290 TraceCheckUtils]: 31: Hoare triple {25001#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet70#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := 
~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25021#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:13,387 INFO L272 TraceCheckUtils]: 32: Hoare triple {25021#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25062#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:13,387 INFO L290 TraceCheckUtils]: 33: Hoare triple {25062#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25064#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,387 INFO L290 TraceCheckUtils]: 34: Hoare triple {25064#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25064#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,388 INFO L290 TraceCheckUtils]: 35: Hoare triple {25064#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25064#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,388 INFO L290 TraceCheckUtils]: 36: Hoare triple {25064#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25065#(= 3 
|setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,388 INFO L290 TraceCheckUtils]: 37: Hoare triple {25065#(= 3 |setClientId_#in~handle|)} assume true; {25065#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:13,389 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {25065#(= 3 |setClientId_#in~handle|)} {25021#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1216#return; {25028#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:13,389 INFO L290 TraceCheckUtils]: 39: Hoare triple {25028#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {25028#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:13,390 INFO L272 TraceCheckUtils]: 40: Hoare triple {25028#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25063#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:13,390 INFO L290 TraceCheckUtils]: 41: Hoare triple {25063#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25066#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:13,391 INFO L290 TraceCheckUtils]: 42: Hoare triple {25066#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {25066#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:13,391 INFO L290 TraceCheckUtils]: 43: Hoare triple {25066#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {25067#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:13,391 INFO L290 TraceCheckUtils]: 44: Hoare triple {25067#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {25067#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:13,392 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {25067#(= 2 |setClientPrivateKey_#in~handle|)} {25028#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1218#return; {25002#false} is VALID [2022-02-20 18:00:13,392 INFO L290 TraceCheckUtils]: 46: Hoare triple {25002#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet71#1; {25002#false} is VALID [2022-02-20 18:00:13,392 INFO L290 TraceCheckUtils]: 47: Hoare triple {25002#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc 
test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25002#false} is VALID [2022-02-20 18:00:13,392 INFO L290 TraceCheckUtils]: 48: Hoare triple {25002#false} assume !false; {25002#false} is VALID [2022-02-20 18:00:13,393 INFO L290 TraceCheckUtils]: 49: Hoare triple {25002#false} assume test_~splverifierCounter~0#1 < 4; {25002#false} is VALID [2022-02-20 18:00:13,393 INFO L290 TraceCheckUtils]: 50: Hoare triple {25002#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25002#false} is VALID [2022-02-20 18:00:13,393 INFO L290 TraceCheckUtils]: 51: Hoare triple {25002#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {25002#false} is VALID [2022-02-20 18:00:13,393 INFO L290 TraceCheckUtils]: 52: Hoare triple {25002#false} assume !(0 != test_~tmp___9~0#1); {25002#false} is VALID [2022-02-20 18:00:13,393 INFO L290 TraceCheckUtils]: 53: Hoare triple {25002#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {25002#false} is VALID [2022-02-20 18:00:13,393 INFO L290 TraceCheckUtils]: 54: Hoare triple {25002#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {25002#false} is VALID [2022-02-20 18:00:13,393 INFO L290 TraceCheckUtils]: 55: Hoare triple {25002#false} assume !false; {25002#false} is VALID [2022-02-20 18:00:13,394 INFO L290 TraceCheckUtils]: 56: Hoare triple {25002#false} assume !(test_~splverifierCounter~0#1 < 4); {25002#false} is VALID [2022-02-20 18:00:13,394 INFO L290 TraceCheckUtils]: 57: Hoare triple {25002#false} assume { 
:begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret64#1, bobToRjh_#t~ret65#1, bobToRjh_#t~ret66#1, bobToRjh_#t~ret67#1, bobToRjh_~tmp~14#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~14#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret64#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret64#1 && bobToRjh_#t~ret64#1 <= 2147483647;havoc bobToRjh_#t~ret64#1; {25002#false} is VALID [2022-02-20 18:00:13,394 INFO L272 TraceCheckUtils]: 58: Hoare triple {25002#false} call sendEmail(~bob~0, ~rjh~0); {25002#false} is VALID [2022-02-20 18:00:13,394 INFO L290 TraceCheckUtils]: 59: Hoare triple {25002#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~6#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~6#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25002#false} is VALID [2022-02-20 18:00:13,394 INFO L272 TraceCheckUtils]: 60: Hoare triple {25002#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25068#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:13,394 INFO L290 TraceCheckUtils]: 61: Hoare triple {25068#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,395 INFO L290 TraceCheckUtils]: 62: Hoare triple {25001#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,395 INFO L290 TraceCheckUtils]: 63: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 
18:00:13,395 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25001#true} {25002#false} #1166#return; {25002#false} is VALID [2022-02-20 18:00:13,395 INFO L272 TraceCheckUtils]: 65: Hoare triple {25002#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25069#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:13,395 INFO L290 TraceCheckUtils]: 66: Hoare triple {25069#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID [2022-02-20 18:00:13,395 INFO L290 TraceCheckUtils]: 67: Hoare triple {25001#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,395 INFO L290 TraceCheckUtils]: 68: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,396 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {25001#true} {25002#false} #1168#return; {25002#false} is VALID [2022-02-20 18:00:13,396 INFO L290 TraceCheckUtils]: 70: Hoare triple {25002#false} createEmail_~retValue_acc~6#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~6#1; {25002#false} is VALID [2022-02-20 18:00:13,396 INFO L290 TraceCheckUtils]: 71: Hoare triple {25002#false} #t~ret54#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~11#1 := #t~ret54#1;havoc #t~ret54#1;~email~0#1 := ~tmp~11#1; {25002#false} is VALID [2022-02-20 18:00:13,396 INFO L272 TraceCheckUtils]: 72: Hoare triple {25002#false} call outgoing(~sender#1, ~email~0#1); {25002#false} is VALID [2022-02-20 18:00:13,396 INFO L290 TraceCheckUtils]: 73: Hoare triple {25002#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret56#1, sign_~client#1, sign_~msg#1, 
sign_~privkey~0#1, sign_~tmp~12#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~12#1; {25002#false} is VALID [2022-02-20 18:00:13,396 INFO L272 TraceCheckUtils]: 74: Hoare triple {25002#false} call sign_#t~ret56#1 := getClientPrivateKey(sign_~client#1); {25001#true} is VALID [2022-02-20 18:00:13,396 INFO L290 TraceCheckUtils]: 75: Hoare triple {25001#true} ~handle := #in~handle;havoc ~retValue_acc~35; {25001#true} is VALID [2022-02-20 18:00:13,397 INFO L290 TraceCheckUtils]: 76: Hoare triple {25001#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {25001#true} is VALID [2022-02-20 18:00:13,397 INFO L290 TraceCheckUtils]: 77: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,397 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {25001#true} {25002#false} #1146#return; {25002#false} is VALID [2022-02-20 18:00:13,397 INFO L290 TraceCheckUtils]: 79: Hoare triple {25002#false} assume -2147483648 <= sign_#t~ret56#1 && sign_#t~ret56#1 <= 2147483647;sign_~tmp~12#1 := sign_#t~ret56#1;havoc sign_#t~ret56#1;sign_~privkey~0#1 := sign_~tmp~12#1; {25002#false} is VALID [2022-02-20 18:00:13,397 INFO L290 TraceCheckUtils]: 80: Hoare triple {25002#false} assume 0 == sign_~privkey~0#1; {25002#false} is VALID [2022-02-20 18:00:13,397 INFO L290 TraceCheckUtils]: 81: Hoare triple {25002#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_#t~ret46#1, outgoing__wrappee__AddressBook_#t~ret47#1, outgoing__wrappee__AddressBook_#t~ret48#1, outgoing__wrappee__AddressBook_#t~ret49#1, outgoing__wrappee__AddressBook_#t~ret50#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, 
outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~8#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~8#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {25002#false} is VALID [2022-02-20 18:00:13,398 INFO L272 TraceCheckUtils]: 82: Hoare triple {25002#false} call outgoing__wrappee__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {25001#true} is VALID [2022-02-20 18:00:13,398 INFO L290 TraceCheckUtils]: 83: Hoare triple {25001#true} ~handle := #in~handle;havoc ~retValue_acc~29; {25001#true} is VALID [2022-02-20 18:00:13,398 INFO L290 TraceCheckUtils]: 84: Hoare triple {25001#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {25001#true} is VALID [2022-02-20 18:00:13,398 INFO L290 TraceCheckUtils]: 85: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,398 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {25001#true} {25002#false} #1148#return; {25002#false} is VALID [2022-02-20 18:00:13,398 INFO L290 TraceCheckUtils]: 87: Hoare triple {25002#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret45#1 && outgoing__wrappee__AddressBook_#t~ret45#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~8#1 := outgoing__wrappee__AddressBook_#t~ret45#1;havoc 
outgoing__wrappee__AddressBook_#t~ret45#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~8#1; {25002#false} is VALID [2022-02-20 18:00:13,398 INFO L290 TraceCheckUtils]: 88: Hoare triple {25002#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {25002#false} is VALID [2022-02-20 18:00:13,399 INFO L272 TraceCheckUtils]: 89: Hoare triple {25002#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {25002#false} is VALID [2022-02-20 18:00:13,399 INFO L290 TraceCheckUtils]: 90: Hoare triple {25002#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {25002#false} is VALID [2022-02-20 18:00:13,399 INFO L290 TraceCheckUtils]: 91: Hoare triple {25002#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {25002#false} is VALID [2022-02-20 18:00:13,399 INFO L290 TraceCheckUtils]: 92: Hoare triple {25002#false} #t~ret44#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret44#1 && #t~ret44#1 <= 2147483647;~tmp~7#1 := #t~ret44#1;havoc #t~ret44#1; {25002#false} is VALID [2022-02-20 18:00:13,399 INFO L272 TraceCheckUtils]: 93: Hoare triple {25002#false} call setEmailFrom(~msg#1, ~tmp~7#1); {25068#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:13,399 INFO L290 TraceCheckUtils]: 94: Hoare triple {25068#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25001#true} is VALID 
[2022-02-20 18:00:13,399 INFO L290 TraceCheckUtils]: 95: Hoare triple {25001#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25001#true} is VALID [2022-02-20 18:00:13,400 INFO L290 TraceCheckUtils]: 96: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,400 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {25001#true} {25002#false} #1172#return; {25002#false} is VALID [2022-02-20 18:00:13,400 INFO L290 TraceCheckUtils]: 98: Hoare triple {25002#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret42#1, mail_#t~ret43#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret84#1, __utac_acc__SignForward_spec__1_#t~ret85#1, __utac_acc__SignForward_spec__1_#t~ret86#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~17#1, __utac_acc__SignForward_spec__1_~tmp___0~6#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~17#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~6#1;call __utac_acc__SignForward_spec__1_#t~ret84#1 := puts(38, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret84#1 && __utac_acc__SignForward_spec__1_#t~ret84#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret84#1; 
{25002#false} is VALID [2022-02-20 18:00:13,400 INFO L272 TraceCheckUtils]: 99: Hoare triple {25002#false} call __utac_acc__SignForward_spec__1_#t~ret85#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {25001#true} is VALID [2022-02-20 18:00:13,400 INFO L290 TraceCheckUtils]: 100: Hoare triple {25001#true} ~handle := #in~handle;havoc ~retValue_acc~20; {25001#true} is VALID [2022-02-20 18:00:13,400 INFO L290 TraceCheckUtils]: 101: Hoare triple {25001#true} assume 1 == ~handle;~retValue_acc~20 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~20; {25001#true} is VALID [2022-02-20 18:00:13,400 INFO L290 TraceCheckUtils]: 102: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,401 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {25001#true} {25002#false} #1174#return; {25002#false} is VALID [2022-02-20 18:00:13,401 INFO L290 TraceCheckUtils]: 104: Hoare triple {25002#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret85#1 && __utac_acc__SignForward_spec__1_#t~ret85#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~6#1 := __utac_acc__SignForward_spec__1_#t~ret85#1;havoc __utac_acc__SignForward_spec__1_#t~ret85#1; {25002#false} is VALID [2022-02-20 18:00:13,401 INFO L290 TraceCheckUtils]: 105: Hoare triple {25002#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~6#1; {25002#false} is VALID [2022-02-20 18:00:13,401 INFO L272 TraceCheckUtils]: 106: Hoare triple {25002#false} call __utac_acc__SignForward_spec__1_#t~ret86#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {25001#true} is VALID [2022-02-20 18:00:13,401 INFO L290 TraceCheckUtils]: 107: Hoare triple {25001#true} ~handle := #in~handle;havoc ~retValue_acc~35; {25001#true} is VALID [2022-02-20 18:00:13,401 INFO L290 TraceCheckUtils]: 108: Hoare triple {25001#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {25001#true} is VALID [2022-02-20 18:00:13,401 INFO L290 
TraceCheckUtils]: 109: Hoare triple {25001#true} assume true; {25001#true} is VALID [2022-02-20 18:00:13,402 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {25001#true} {25002#false} #1176#return; {25002#false} is VALID [2022-02-20 18:00:13,402 INFO L290 TraceCheckUtils]: 111: Hoare triple {25002#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret86#1 && __utac_acc__SignForward_spec__1_#t~ret86#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~17#1 := __utac_acc__SignForward_spec__1_#t~ret86#1;havoc __utac_acc__SignForward_spec__1_#t~ret86#1; {25002#false} is VALID [2022-02-20 18:00:13,402 INFO L290 TraceCheckUtils]: 112: Hoare triple {25002#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~17#1;assume { :begin_inline___automaton_fail } true; {25002#false} is VALID [2022-02-20 18:00:13,402 INFO L290 TraceCheckUtils]: 113: Hoare triple {25002#false} assume !false; {25002#false} is VALID [2022-02-20 18:00:13,402 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:00:13,403 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:13,403 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1441567959] [2022-02-20 18:00:13,403 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1441567959] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:13,403 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:00:13,403 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:00:13,403 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [37293621] [2022-02-20 18:00:13,403 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:13,404 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.7272727272727275) internal successors, (74), 8 states have internal predecessors, (74), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 114 [2022-02-20 18:00:13,404 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:13,405 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.7272727272727275) internal successors, (74), 8 states have internal predecessors, (74), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:13,480 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:13,480 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:00:13,480 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:13,481 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 18:00:13,481 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:00:13,481 INFO L87 Difference]: Start difference. First operand 454 states and 708 transitions. Second operand has 12 states, 11 states have (on average 6.7272727272727275) internal successors, (74), 8 states have internal predecessors, (74), 4 states have call successors, (16), 6 states have call predecessors, (16), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13)