./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec4_product28.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec4_product28.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 619b5b07f7bee6d460265c38ff6f46d0f3c88b87f6fc28a24021d9529c74e42f --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 17:59:37,499 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:59:37,501 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:59:37,524 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... 
[2022-02-20 17:59:37,524 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:59:37,525 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:59:37,526 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:59:37,528 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:59:37,529 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:59:37,530 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:59:37,531 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:59:37,532 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:59:37,532 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:59:37,533 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:59:37,534 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:59:37,535 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:59:37,536 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:59:37,536 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:59:37,538 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:59:37,541 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:59:37,543 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:59:37,546 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:59:37,546 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:59:37,548 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:59:37,553 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:59:37,556 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:59:37,557 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:59:37,557 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:59:37,558 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:59:37,558 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:59:37,559 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:59:37,559 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:59:37,560 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:59:37,561 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:59:37,562 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:59:37,563 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:59:37,564 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:59:37,564 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:59:37,565 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:59:37,565 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:59:37,567 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:59:37,567 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:59:37,594 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:59:37,595 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:59:37,595 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:59:37,595 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:59:37,596 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:59:37,596 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:59:37,597 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:59:37,597 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:59:37,597 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:59:37,597 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:59:37,598 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:59:37,598 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:59:37,598 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:59:37,599 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:59:37,599 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:59:37,599 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:59:37,599 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:59:37,599 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:59:37,599 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:59:37,600 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:59:37,600 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:59:37,600 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:59:37,600 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:59:37,600 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:59:37,600 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:59:37,601 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:59:37,601 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:59:37,601 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:59:37,601 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:59:37,601 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:59:37,601 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:59:37,602 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:59:37,602 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:59:37,602 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 619b5b07f7bee6d460265c38ff6f46d0f3c88b87f6fc28a24021d9529c74e42f [2022-02-20 17:59:37,821 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:59:37,845 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:59:37,847 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:59:37,848 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:59:37,849 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:59:37,850 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec4_product28.cil.c [2022-02-20 17:59:37,909 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2085f1385/e4032167496140b0a89997fe866fc7dc/FLAGf1f51f1e9 [2022-02-20 17:59:38,426 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:59:38,427 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product28.cil.c [2022-02-20 17:59:38,448 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2085f1385/e4032167496140b0a89997fe866fc7dc/FLAGf1f51f1e9 [2022-02-20 17:59:38,880 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2085f1385/e4032167496140b0a89997fe866fc7dc [2022-02-20 17:59:38,882 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:59:38,883 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:59:38,884 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:59:38,886 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:59:38,888 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:59:38,889 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:38" (1/1) ... [2022-02-20 17:59:38,890 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6bdfd659 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:38, skipping insertion in model container [2022-02-20 17:59:38,891 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:38" (1/1) ... 
[2022-02-20 17:59:38,896 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:59:38,965 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:59:39,197 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product28.cil.c[8467,8480] [2022-02-20 17:59:39,458 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:59:39,471 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:59:39,515 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product28.cil.c[8467,8480] [2022-02-20 17:59:39,614 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:59:39,645 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:59:39,646 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39 WrapperNode [2022-02-20 17:59:39,646 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:59:39,648 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:59:39,648 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:59:39,648 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:59:39,654 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... 
[2022-02-20 17:59:39,678 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... [2022-02-20 17:59:39,738 INFO L137 Inliner]: procedures = 128, calls = 208, calls flagged for inlining = 55, calls inlined = 45, statements flattened = 854 [2022-02-20 17:59:39,739 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:59:39,740 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:59:39,740 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:59:39,740 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:59:39,747 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... [2022-02-20 17:59:39,747 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... [2022-02-20 17:59:39,753 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... [2022-02-20 17:59:39,753 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... 
[2022-02-20 17:59:39,769 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... [2022-02-20 17:59:39,778 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... [2022-02-20 17:59:39,782 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... [2022-02-20 17:59:39,789 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:59:39,790 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:59:39,790 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:59:39,790 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:59:39,791 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (1/1) ... 
[2022-02-20 17:59:39,811 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:59:39,821 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:39,836 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:59:39,849 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:59:39,877 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:59:39,878 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:59:39,878 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:59:39,878 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:59:39,878 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:59:39,878 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:59:39,878 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:59:39,879 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:59:39,880 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:59:39,880 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:59:39,881 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:59:39,881 INFO L138 
BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:59:39,881 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:59:39,881 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:59:39,881 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:59:39,881 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:59:39,881 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:59:39,882 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:59:39,882 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:59:39,882 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:59:39,882 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:59:39,882 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:59:39,882 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:59:39,882 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:59:39,883 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:59:39,883 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:59:39,883 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:59:39,883 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:59:39,883 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:59:39,883 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:59:39,883 INFO L130 
BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:59:39,884 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:59:39,884 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:59:39,884 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:59:39,884 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:59:39,884 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:59:39,885 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:59:39,885 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:59:39,885 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:59:39,885 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:59:39,885 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:59:39,885 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:59:39,886 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:59:39,886 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:59:39,886 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:59:39,886 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:59:39,886 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:59:39,886 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:59:39,886 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:59:40,103 INFO 
L234 CfgBuilder]: Building ICFG [2022-02-20 17:59:40,113 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:59:40,841 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:59:40,856 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:59:40,856 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:59:40,858 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:40 BoogieIcfgContainer [2022-02-20 17:59:40,858 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:59:40,860 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:59:40,860 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:59:40,865 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:59:40,865 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:59:38" (1/3) ... [2022-02-20 17:59:40,866 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@66954bf0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:40, skipping insertion in model container [2022-02-20 17:59:40,866 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:39" (2/3) ... 
[2022-02-20 17:59:40,867 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@66954bf0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:40, skipping insertion in model container [2022-02-20 17:59:40,867 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:40" (3/3) ... [2022-02-20 17:59:40,868 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec4_product28.cil.c [2022-02-20 17:59:40,873 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:59:40,873 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:59:40,949 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:59:40,958 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., 
mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:59:40,958 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:59:41,006 INFO L276 IsEmpty]: Start isEmpty. Operand has 327 states, 253 states have (on average 1.5217391304347827) internal successors, (385), 257 states have internal predecessors, (385), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) [2022-02-20 17:59:41,028 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 105 [2022-02-20 17:59:41,029 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:41,030 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:41,030 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:41,035 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:41,036 INFO L85 PathProgramCache]: Analyzing trace with hash 1302958000, now seen corresponding path program 1 times [2022-02-20 17:59:41,043 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:41,044 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1348914474] [2022-02-20 17:59:41,044 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:41,045 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:41,249 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:41,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,411 INFO L290 TraceCheckUtils]: 0: Hoare triple {386#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,412 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,412 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {330#true} #958#return; {330#true} is VALID [2022-02-20 17:59:41,420 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:41,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,426 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,427 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,427 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,427 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {330#true} #960#return; {330#true} is VALID [2022-02-20 17:59:41,427 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:41,431 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,456 INFO L290 TraceCheckUtils]: 0: Hoare triple {386#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {388#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:41,457 INFO L290 TraceCheckUtils]: 1: Hoare triple {388#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {389#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,457 INFO L290 TraceCheckUtils]: 2: Hoare triple {389#(= |setClientId_#in~handle| 1)} assume true; {389#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,458 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {389#(= |setClientId_#in~handle| 1)} {340#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #962#return; {331#false} is VALID [2022-02-20 17:59:41,459 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:41,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,477 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,478 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID 
[2022-02-20 17:59:41,478 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #964#return; {331#false} is VALID [2022-02-20 17:59:41,478 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:41,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,492 INFO L290 TraceCheckUtils]: 0: Hoare triple {386#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,493 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,493 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,493 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #966#return; {331#false} is VALID [2022-02-20 17:59:41,494 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:41,497 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,504 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,506 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,507 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,509 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} 
{331#false} #968#return; {331#false} is VALID [2022-02-20 17:59:41,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:59:41,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,532 INFO L290 TraceCheckUtils]: 0: Hoare triple {390#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,532 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,533 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,533 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #946#return; {331#false} is VALID [2022-02-20 17:59:41,533 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:41,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~28; {330#true} is VALID [2022-02-20 17:59:41,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {330#true} is VALID [2022-02-20 17:59:41,547 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,547 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #904#return; {331#false} is VALID [2022-02-20 17:59:41,547 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:59:41,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,552 INFO L290 TraceCheckUtils]: 0: Hoare triple {330#true} ~handle := 
#in~handle;havoc ~retValue_acc~11; {330#true} is VALID [2022-02-20 17:59:41,553 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {330#true} is VALID [2022-02-20 17:59:41,553 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,553 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #906#return; {331#false} is VALID [2022-02-20 17:59:41,554 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:59:41,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,558 INFO L290 TraceCheckUtils]: 0: Hoare triple {330#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {330#true} is VALID [2022-02-20 17:59:41,559 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle; {330#true} is VALID [2022-02-20 17:59:41,559 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {330#true} is VALID [2022-02-20 17:59:41,559 INFO L290 TraceCheckUtils]: 3: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,559 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {330#true} {331#false} #908#return; {331#false} is VALID [2022-02-20 17:59:41,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:59:41,561 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,564 INFO L290 TraceCheckUtils]: 0: Hoare triple {390#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,564 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} 
assume 1 == ~handle;~__ste_email_from0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,565 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,565 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #914#return; {331#false} is VALID [2022-02-20 17:59:41,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:59:41,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,569 INFO L290 TraceCheckUtils]: 0: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~16; {330#true} is VALID [2022-02-20 17:59:41,569 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {330#true} is VALID [2022-02-20 17:59:41,570 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,570 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #916#return; {331#false} is VALID [2022-02-20 17:59:41,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:59:41,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~28; {330#true} is VALID [2022-02-20 17:59:41,575 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {330#true} is VALID [2022-02-20 17:59:41,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,575 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #918#return; {331#false} is VALID [2022-02-20 17:59:41,576 INFO L290 TraceCheckUtils]: 0: Hoare triple {330#true} assume { 
:begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 
0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {330#true} is VALID [2022-02-20 17:59:41,576 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc 
main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {330#true} is VALID [2022-02-20 17:59:41,577 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {330#true} is VALID [2022-02-20 17:59:41,577 INFO L290 TraceCheckUtils]: 3: Hoare triple {330#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {330#true} is VALID [2022-02-20 17:59:41,577 INFO L290 TraceCheckUtils]: 4: Hoare triple {330#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {330#true} is VALID [2022-02-20 17:59:41,577 INFO L290 TraceCheckUtils]: 5: Hoare triple {330#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {330#true} is VALID [2022-02-20 
17:59:41,578 INFO L272 TraceCheckUtils]: 6: Hoare triple {330#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {386#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,579 INFO L290 TraceCheckUtils]: 7: Hoare triple {386#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,579 INFO L290 TraceCheckUtils]: 8: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,579 INFO L290 TraceCheckUtils]: 9: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,579 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {330#true} {330#true} #958#return; {330#true} is VALID [2022-02-20 17:59:41,579 INFO L290 TraceCheckUtils]: 11: Hoare triple {330#true} assume { :end_inline_setup_bob__wrappee__Base } true; {330#true} is VALID [2022-02-20 17:59:41,580 INFO L272 TraceCheckUtils]: 12: Hoare triple {330#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {387#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:41,581 INFO L290 TraceCheckUtils]: 13: Hoare triple {387#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,581 
INFO L290 TraceCheckUtils]: 14: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,581 INFO L290 TraceCheckUtils]: 15: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,581 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {330#true} {330#true} #960#return; {330#true} is VALID [2022-02-20 17:59:41,582 INFO L290 TraceCheckUtils]: 17: Hoare triple {330#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {340#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:41,583 INFO L272 TraceCheckUtils]: 18: Hoare triple {340#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {386#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,584 INFO L290 TraceCheckUtils]: 19: Hoare triple {386#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {388#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:41,584 INFO L290 TraceCheckUtils]: 20: Hoare triple {388#(= setClientId_~handle 
|setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {389#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,585 INFO L290 TraceCheckUtils]: 21: Hoare triple {389#(= |setClientId_#in~handle| 1)} assume true; {389#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,601 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {389#(= |setClientId_#in~handle| 1)} {340#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #962#return; {331#false} is VALID [2022-02-20 17:59:41,602 INFO L290 TraceCheckUtils]: 23: Hoare triple {331#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {331#false} is VALID [2022-02-20 17:59:41,602 INFO L272 TraceCheckUtils]: 24: Hoare triple {331#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {387#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:41,602 INFO L290 TraceCheckUtils]: 25: Hoare triple {387#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,603 INFO L290 TraceCheckUtils]: 26: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,603 INFO L290 TraceCheckUtils]: 27: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,603 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {330#true} {331#false} #964#return; {331#false} is VALID [2022-02-20 17:59:41,603 INFO L290 TraceCheckUtils]: 29: Hoare triple {331#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 
3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {331#false} is VALID [2022-02-20 17:59:41,604 INFO L272 TraceCheckUtils]: 30: Hoare triple {331#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {386#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,604 INFO L290 TraceCheckUtils]: 31: Hoare triple {386#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,604 INFO L290 TraceCheckUtils]: 32: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,604 INFO L290 TraceCheckUtils]: 33: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,605 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {330#true} {331#false} #966#return; {331#false} is VALID [2022-02-20 17:59:41,605 INFO L290 TraceCheckUtils]: 35: Hoare triple {331#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {331#false} is VALID [2022-02-20 17:59:41,605 INFO L272 TraceCheckUtils]: 36: Hoare triple {331#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {387#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:41,605 INFO L290 TraceCheckUtils]: 37: Hoare triple {387#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,606 INFO L290 TraceCheckUtils]: 38: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,606 INFO L290 TraceCheckUtils]: 39: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,606 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {330#true} {331#false} #968#return; {331#false} is VALID [2022-02-20 17:59:41,606 INFO L290 TraceCheckUtils]: 41: Hoare triple {331#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {331#false} is VALID [2022-02-20 17:59:41,607 INFO L290 TraceCheckUtils]: 42: Hoare triple {331#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc 
test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {331#false} is VALID [2022-02-20 17:59:41,607 INFO L290 TraceCheckUtils]: 43: Hoare triple {331#false} assume !true; {331#false} is VALID [2022-02-20 17:59:41,608 INFO L290 TraceCheckUtils]: 44: Hoare triple {331#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {331#false} is VALID [2022-02-20 17:59:41,608 INFO L272 TraceCheckUtils]: 45: Hoare triple {331#false} call sendEmail(~bob~0, ~rjh~0); {331#false} is VALID [2022-02-20 17:59:41,608 INFO L290 TraceCheckUtils]: 46: Hoare triple {331#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {331#false} is VALID [2022-02-20 17:59:41,608 INFO L272 TraceCheckUtils]: 47: Hoare triple {331#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {390#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:41,609 INFO L290 TraceCheckUtils]: 48: Hoare triple {390#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,609 INFO L290 TraceCheckUtils]: 49: Hoare triple {330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,609 INFO L290 TraceCheckUtils]: 50: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,609 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {330#true} {331#false} #946#return; {331#false} is VALID [2022-02-20 17:59:41,610 INFO L290 TraceCheckUtils]: 52: Hoare triple {331#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {331#false} is VALID [2022-02-20 17:59:41,610 INFO L290 TraceCheckUtils]: 53: Hoare triple {331#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {331#false} is VALID [2022-02-20 17:59:41,610 INFO L290 TraceCheckUtils]: 54: Hoare triple {331#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {331#false} is VALID [2022-02-20 17:59:41,610 INFO L290 TraceCheckUtils]: 55: Hoare triple {331#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 
<= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {331#false} is VALID [2022-02-20 17:59:41,611 INFO L272 TraceCheckUtils]: 56: Hoare triple {331#false} call outgoing(~sender#1, ~email~0#1); {331#false} is VALID [2022-02-20 17:59:41,611 INFO L290 TraceCheckUtils]: 57: Hoare triple {331#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {331#false} is VALID [2022-02-20 17:59:41,611 INFO L272 TraceCheckUtils]: 58: Hoare triple {331#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {330#true} is VALID [2022-02-20 17:59:41,612 INFO L290 TraceCheckUtils]: 59: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~28; {330#true} is VALID [2022-02-20 17:59:41,612 INFO L290 TraceCheckUtils]: 60: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {330#true} is VALID [2022-02-20 17:59:41,612 INFO L290 TraceCheckUtils]: 61: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,612 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {330#true} {331#false} #904#return; {331#false} is VALID [2022-02-20 17:59:41,613 INFO L290 TraceCheckUtils]: 63: Hoare triple {331#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {331#false} is VALID [2022-02-20 17:59:41,613 INFO L290 TraceCheckUtils]: 64: Hoare triple {331#false} assume 0 == sign_~privkey~1#1; {331#false} is VALID [2022-02-20 17:59:41,613 INFO L290 TraceCheckUtils]: 65: Hoare triple {331#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } 
true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {331#false} is VALID [2022-02-20 17:59:41,613 INFO L272 TraceCheckUtils]: 66: Hoare triple {331#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {330#true} is VALID [2022-02-20 17:59:41,614 INFO L290 TraceCheckUtils]: 67: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~11; {330#true} is VALID [2022-02-20 17:59:41,614 INFO L290 TraceCheckUtils]: 68: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {330#true} is VALID [2022-02-20 17:59:41,614 INFO L290 TraceCheckUtils]: 69: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,614 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {330#true} {331#false} #906#return; {331#false} is VALID [2022-02-20 17:59:41,615 INFO L290 TraceCheckUtils]: 71: Hoare triple {331#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {331#false} is VALID [2022-02-20 17:59:41,615 INFO L272 
TraceCheckUtils]: 72: Hoare triple {331#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {330#true} is VALID [2022-02-20 17:59:41,615 INFO L290 TraceCheckUtils]: 73: Hoare triple {330#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {330#true} is VALID [2022-02-20 17:59:41,615 INFO L290 TraceCheckUtils]: 74: Hoare triple {330#true} assume 1 == ~handle; {330#true} is VALID [2022-02-20 17:59:41,615 INFO L290 TraceCheckUtils]: 75: Hoare triple {330#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {330#true} is VALID [2022-02-20 17:59:41,616 INFO L290 TraceCheckUtils]: 76: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,616 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {330#true} {331#false} #908#return; {331#false} is VALID [2022-02-20 17:59:41,616 INFO L290 TraceCheckUtils]: 78: Hoare triple {331#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {331#false} is VALID [2022-02-20 17:59:41,616 INFO L290 TraceCheckUtils]: 79: Hoare triple {331#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {331#false} is VALID [2022-02-20 17:59:41,617 INFO L290 TraceCheckUtils]: 80: Hoare triple {331#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {331#false} is VALID [2022-02-20 17:59:41,617 INFO L290 TraceCheckUtils]: 81: Hoare triple {331#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {331#false} is VALID [2022-02-20 17:59:41,617 INFO L290 TraceCheckUtils]: 82: Hoare triple {331#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {331#false} is VALID [2022-02-20 17:59:41,618 INFO L272 TraceCheckUtils]: 83: Hoare triple {331#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {390#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:41,618 INFO L290 TraceCheckUtils]: 84: Hoare triple {390#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:41,618 INFO L290 TraceCheckUtils]: 85: Hoare triple {330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:41,618 INFO L290 TraceCheckUtils]: 86: Hoare triple {330#true} assume true; {330#true} is VALID 
[2022-02-20 17:59:41,618 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {330#true} {331#false} #914#return; {331#false} is VALID [2022-02-20 17:59:41,619 INFO L290 TraceCheckUtils]: 88: Hoare triple {331#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {331#false} is VALID [2022-02-20 17:59:41,619 INFO L272 TraceCheckUtils]: 89: Hoare triple {331#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {330#true} is VALID [2022-02-20 
17:59:41,619 INFO L290 TraceCheckUtils]: 90: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~16; {330#true} is VALID [2022-02-20 17:59:41,619 INFO L290 TraceCheckUtils]: 91: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {330#true} is VALID [2022-02-20 17:59:41,620 INFO L290 TraceCheckUtils]: 92: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,620 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {330#true} {331#false} #916#return; {331#false} is VALID [2022-02-20 17:59:41,620 INFO L290 TraceCheckUtils]: 94: Hoare triple {331#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {331#false} is VALID [2022-02-20 17:59:41,620 INFO L290 TraceCheckUtils]: 95: Hoare triple {331#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {331#false} is VALID [2022-02-20 17:59:41,621 INFO L272 TraceCheckUtils]: 96: Hoare triple {331#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {330#true} is VALID [2022-02-20 17:59:41,621 INFO L290 TraceCheckUtils]: 97: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~28; {330#true} is VALID [2022-02-20 17:59:41,621 INFO L290 TraceCheckUtils]: 98: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {330#true} is VALID [2022-02-20 17:59:41,621 INFO L290 TraceCheckUtils]: 99: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:41,622 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {330#true} {331#false} #918#return; {331#false} is VALID [2022-02-20 17:59:41,622 INFO L290 TraceCheckUtils]: 101: Hoare triple {331#false} assume 
-2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {331#false} is VALID [2022-02-20 17:59:41,622 INFO L290 TraceCheckUtils]: 102: Hoare triple {331#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {331#false} is VALID [2022-02-20 17:59:41,622 INFO L290 TraceCheckUtils]: 103: Hoare triple {331#false} assume !false; {331#false} is VALID [2022-02-20 17:59:41,623 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 17:59:41,624 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:41,624 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1348914474] [2022-02-20 17:59:41,625 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1348914474] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:41,625 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1535097502] [2022-02-20 17:59:41,625 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:41,626 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:41,626 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:41,632 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:41,648 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:59:41,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,955 INFO L263 TraceCheckSpWp]: Trace formula consists of 1016 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:59:42,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:42,023 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:42,292 INFO L290 TraceCheckUtils]: 0: Hoare triple {330#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call 
#Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 
0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 
0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {330#true} is VALID [2022-02-20 17:59:42,292 INFO L290 TraceCheckUtils]: 1: Hoare triple {330#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {330#true} is VALID [2022-02-20 17:59:42,292 INFO L290 TraceCheckUtils]: 2: Hoare triple {330#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {330#true} is VALID [2022-02-20 17:59:42,293 INFO L290 TraceCheckUtils]: 3: Hoare triple {330#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {330#true} is VALID [2022-02-20 17:59:42,293 INFO L290 TraceCheckUtils]: 4: Hoare triple {330#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {330#true} is VALID [2022-02-20 17:59:42,293 INFO L290 TraceCheckUtils]: 5: Hoare triple {330#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, 
setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {330#true} is VALID [2022-02-20 17:59:42,293 INFO L272 TraceCheckUtils]: 6: Hoare triple {330#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {330#true} is VALID [2022-02-20 17:59:42,293 INFO L290 TraceCheckUtils]: 7: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:42,294 INFO L290 TraceCheckUtils]: 8: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:42,294 INFO L290 TraceCheckUtils]: 9: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:42,294 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {330#true} {330#true} #958#return; {330#true} is VALID [2022-02-20 17:59:42,294 INFO L290 TraceCheckUtils]: 11: Hoare triple {330#true} assume { :end_inline_setup_bob__wrappee__Base } true; {330#true} is VALID [2022-02-20 17:59:42,294 INFO L272 TraceCheckUtils]: 12: Hoare triple {330#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {330#true} is VALID [2022-02-20 17:59:42,295 INFO L290 TraceCheckUtils]: 13: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:42,295 INFO L290 TraceCheckUtils]: 14: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID [2022-02-20 
17:59:42,295 INFO L290 TraceCheckUtils]: 15: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:42,295 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {330#true} {330#true} #960#return; {330#true} is VALID [2022-02-20 17:59:42,295 INFO L290 TraceCheckUtils]: 17: Hoare triple {330#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {330#true} is VALID [2022-02-20 17:59:42,296 INFO L272 TraceCheckUtils]: 18: Hoare triple {330#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {330#true} is VALID [2022-02-20 17:59:42,296 INFO L290 TraceCheckUtils]: 19: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:42,296 INFO L290 TraceCheckUtils]: 20: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:42,296 INFO L290 TraceCheckUtils]: 21: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:42,296 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {330#true} {330#true} #962#return; {330#true} is VALID [2022-02-20 17:59:42,297 INFO L290 TraceCheckUtils]: 23: Hoare triple {330#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {330#true} is VALID [2022-02-20 17:59:42,297 INFO L272 TraceCheckUtils]: 24: Hoare triple {330#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {330#true} is VALID [2022-02-20 17:59:42,297 INFO L290 TraceCheckUtils]: 25: Hoare triple {330#true} ~handle := 
#in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:42,297 INFO L290 TraceCheckUtils]: 26: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:42,297 INFO L290 TraceCheckUtils]: 27: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:42,298 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {330#true} {330#true} #964#return; {330#true} is VALID [2022-02-20 17:59:42,298 INFO L290 TraceCheckUtils]: 29: Hoare triple {330#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {330#true} is VALID [2022-02-20 17:59:42,298 INFO L272 TraceCheckUtils]: 30: Hoare triple {330#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {330#true} is VALID [2022-02-20 17:59:42,298 INFO L290 TraceCheckUtils]: 31: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:42,298 INFO L290 TraceCheckUtils]: 32: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:42,299 INFO L290 TraceCheckUtils]: 33: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:42,299 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {330#true} {330#true} #966#return; {330#true} is VALID [2022-02-20 17:59:42,299 INFO L290 TraceCheckUtils]: 35: Hoare triple {330#true} assume { 
:end_inline_setup_chuck__wrappee__Base } true; {330#true} is VALID [2022-02-20 17:59:42,299 INFO L272 TraceCheckUtils]: 36: Hoare triple {330#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {330#true} is VALID [2022-02-20 17:59:42,299 INFO L290 TraceCheckUtils]: 37: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID [2022-02-20 17:59:42,300 INFO L290 TraceCheckUtils]: 38: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID [2022-02-20 17:59:42,300 INFO L290 TraceCheckUtils]: 39: Hoare triple {330#true} assume true; {330#true} is VALID [2022-02-20 17:59:42,300 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {330#true} {330#true} #968#return; {330#true} is VALID [2022-02-20 17:59:42,300 INFO L290 TraceCheckUtils]: 41: Hoare triple {330#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {330#true} is VALID [2022-02-20 17:59:42,300 INFO L290 TraceCheckUtils]: 42: Hoare triple {330#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc 
test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {330#true} is VALID [2022-02-20 17:59:42,301 INFO L290 TraceCheckUtils]: 43: Hoare triple {330#true} assume !true; {331#false} is VALID [2022-02-20 17:59:42,301 INFO L290 TraceCheckUtils]: 44: Hoare triple {331#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {331#false} is VALID [2022-02-20 17:59:42,301 INFO L272 TraceCheckUtils]: 45: Hoare triple {331#false} call sendEmail(~bob~0, ~rjh~0); {331#false} is VALID [2022-02-20 17:59:42,302 INFO L290 TraceCheckUtils]: 46: Hoare triple {331#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {331#false} is VALID [2022-02-20 17:59:42,302 INFO L272 
TraceCheckUtils]: 47: Hoare triple {331#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {331#false} is VALID [2022-02-20 17:59:42,302 INFO L290 TraceCheckUtils]: 48: Hoare triple {331#false} ~handle := #in~handle;~value := #in~value; {331#false} is VALID [2022-02-20 17:59:42,302 INFO L290 TraceCheckUtils]: 49: Hoare triple {331#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {331#false} is VALID [2022-02-20 17:59:42,302 INFO L290 TraceCheckUtils]: 50: Hoare triple {331#false} assume true; {331#false} is VALID [2022-02-20 17:59:42,302 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {331#false} {331#false} #946#return; {331#false} is VALID [2022-02-20 17:59:42,303 INFO L290 TraceCheckUtils]: 52: Hoare triple {331#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {331#false} is VALID [2022-02-20 17:59:42,303 INFO L290 TraceCheckUtils]: 53: Hoare triple {331#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {331#false} is VALID [2022-02-20 17:59:42,303 INFO L290 TraceCheckUtils]: 54: Hoare triple {331#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {331#false} is VALID [2022-02-20 17:59:42,303 INFO L290 TraceCheckUtils]: 55: Hoare triple {331#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {331#false} is VALID [2022-02-20 17:59:42,303 INFO L272 TraceCheckUtils]: 56: Hoare triple {331#false} call outgoing(~sender#1, ~email~0#1); {331#false} is VALID [2022-02-20 17:59:42,304 INFO L290 TraceCheckUtils]: 57: Hoare triple 
{331#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {331#false} is VALID [2022-02-20 17:59:42,304 INFO L272 TraceCheckUtils]: 58: Hoare triple {331#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {331#false} is VALID [2022-02-20 17:59:42,304 INFO L290 TraceCheckUtils]: 59: Hoare triple {331#false} ~handle := #in~handle;havoc ~retValue_acc~28; {331#false} is VALID [2022-02-20 17:59:42,304 INFO L290 TraceCheckUtils]: 60: Hoare triple {331#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {331#false} is VALID [2022-02-20 17:59:42,304 INFO L290 TraceCheckUtils]: 61: Hoare triple {331#false} assume true; {331#false} is VALID [2022-02-20 17:59:42,305 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {331#false} {331#false} #904#return; {331#false} is VALID [2022-02-20 17:59:42,305 INFO L290 TraceCheckUtils]: 63: Hoare triple {331#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {331#false} is VALID [2022-02-20 17:59:42,305 INFO L290 TraceCheckUtils]: 64: Hoare triple {331#false} assume 0 == sign_~privkey~1#1; {331#false} is VALID [2022-02-20 17:59:42,305 INFO L290 TraceCheckUtils]: 65: Hoare triple {331#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, 
outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {331#false} is VALID [2022-02-20 17:59:42,305 INFO L272 TraceCheckUtils]: 66: Hoare triple {331#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {331#false} is VALID [2022-02-20 17:59:42,306 INFO L290 TraceCheckUtils]: 67: Hoare triple {331#false} ~handle := #in~handle;havoc ~retValue_acc~11; {331#false} is VALID [2022-02-20 17:59:42,306 INFO L290 TraceCheckUtils]: 68: Hoare triple {331#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {331#false} is VALID [2022-02-20 17:59:42,306 INFO L290 TraceCheckUtils]: 69: Hoare triple {331#false} assume true; {331#false} is VALID [2022-02-20 17:59:42,306 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {331#false} {331#false} #906#return; {331#false} is VALID [2022-02-20 17:59:42,306 INFO L290 TraceCheckUtils]: 71: Hoare triple {331#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {331#false} is VALID [2022-02-20 17:59:42,307 INFO L272 TraceCheckUtils]: 72: Hoare triple {331#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {331#false} is VALID [2022-02-20 17:59:42,307 INFO L290 TraceCheckUtils]: 73: Hoare triple {331#false} 
~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {331#false} is VALID [2022-02-20 17:59:42,307 INFO L290 TraceCheckUtils]: 74: Hoare triple {331#false} assume 1 == ~handle; {331#false} is VALID [2022-02-20 17:59:42,307 INFO L290 TraceCheckUtils]: 75: Hoare triple {331#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {331#false} is VALID [2022-02-20 17:59:42,307 INFO L290 TraceCheckUtils]: 76: Hoare triple {331#false} assume true; {331#false} is VALID [2022-02-20 17:59:42,308 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {331#false} {331#false} #908#return; {331#false} is VALID [2022-02-20 17:59:42,308 INFO L290 TraceCheckUtils]: 78: Hoare triple {331#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {331#false} is VALID [2022-02-20 17:59:42,308 INFO L290 TraceCheckUtils]: 79: Hoare triple {331#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {331#false} is VALID [2022-02-20 17:59:42,308 INFO L290 TraceCheckUtils]: 80: Hoare triple {331#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc 
getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {331#false} is VALID [2022-02-20 17:59:42,308 INFO L290 TraceCheckUtils]: 81: Hoare triple {331#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {331#false} is VALID [2022-02-20 17:59:42,309 INFO L290 TraceCheckUtils]: 82: Hoare triple {331#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {331#false} is VALID [2022-02-20 17:59:42,309 INFO L272 TraceCheckUtils]: 83: Hoare triple {331#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {331#false} is VALID [2022-02-20 17:59:42,309 INFO L290 TraceCheckUtils]: 84: Hoare triple {331#false} ~handle := #in~handle;~value := #in~value; {331#false} is VALID [2022-02-20 17:59:42,309 INFO L290 TraceCheckUtils]: 85: Hoare triple {331#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {331#false} is VALID [2022-02-20 17:59:42,309 INFO L290 TraceCheckUtils]: 86: Hoare triple {331#false} assume true; {331#false} is VALID [2022-02-20 17:59:42,310 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {331#false} {331#false} #914#return; {331#false} is VALID [2022-02-20 17:59:42,310 INFO L290 TraceCheckUtils]: 88: Hoare triple {331#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 
:= mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {331#false} is VALID [2022-02-20 17:59:42,310 INFO L272 TraceCheckUtils]: 89: Hoare triple {331#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {331#false} is VALID [2022-02-20 17:59:42,310 INFO L290 TraceCheckUtils]: 90: Hoare triple {331#false} ~handle := #in~handle;havoc ~retValue_acc~16; {331#false} is VALID [2022-02-20 17:59:42,310 INFO L290 TraceCheckUtils]: 91: Hoare triple {331#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {331#false} is VALID [2022-02-20 17:59:42,311 INFO L290 TraceCheckUtils]: 92: Hoare triple {331#false} assume true; {331#false} is VALID [2022-02-20 17:59:42,311 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {331#false} {331#false} 
#916#return; {331#false} is VALID [2022-02-20 17:59:42,311 INFO L290 TraceCheckUtils]: 94: Hoare triple {331#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {331#false} is VALID [2022-02-20 17:59:42,311 INFO L290 TraceCheckUtils]: 95: Hoare triple {331#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {331#false} is VALID [2022-02-20 17:59:42,311 INFO L272 TraceCheckUtils]: 96: Hoare triple {331#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {331#false} is VALID [2022-02-20 17:59:42,312 INFO L290 TraceCheckUtils]: 97: Hoare triple {331#false} ~handle := #in~handle;havoc ~retValue_acc~28; {331#false} is VALID [2022-02-20 17:59:42,312 INFO L290 TraceCheckUtils]: 98: Hoare triple {331#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {331#false} is VALID [2022-02-20 17:59:42,312 INFO L290 TraceCheckUtils]: 99: Hoare triple {331#false} assume true; {331#false} is VALID [2022-02-20 17:59:42,312 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {331#false} {331#false} #918#return; {331#false} is VALID [2022-02-20 17:59:42,312 INFO L290 TraceCheckUtils]: 101: Hoare triple {331#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {331#false} is VALID [2022-02-20 17:59:42,312 INFO L290 TraceCheckUtils]: 102: Hoare triple {331#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {331#false} is VALID [2022-02-20 17:59:42,313 INFO L290 
TraceCheckUtils]: 103: Hoare triple {331#false} assume !false; {331#false} is VALID [2022-02-20 17:59:42,313 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:42,313 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:42,314 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1535097502] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:42,314 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:42,314 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [8] total 8 [2022-02-20 17:59:42,316 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2045462576] [2022-02-20 17:59:42,317 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:42,322 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 104 [2022-02-20 17:59:42,323 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:59:42,328 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:42,416 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:42,417 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:59:42,417 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:42,438 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:59:42,439 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:59:42,445 INFO L87 Difference]: Start difference. First operand has 327 states, 253 states have (on average 1.5217391304347827) internal successors, (385), 257 states have internal predecessors, (385), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) Second operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:42,775 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:59:42,776 INFO L93 Difference]: Finished difference Result 505 states and 732 transitions. [2022-02-20 17:59:42,776 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:59:42,776 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 104 [2022-02-20 17:59:42,777 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:42,778 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:42,797 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 732 transitions. [2022-02-20 17:59:42,798 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:42,811 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 732 transitions. [2022-02-20 17:59:42,812 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 732 transitions. 
[2022-02-20 17:59:43,492 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 732 edges. 732 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:43,520 INFO L225 Difference]: With dead ends: 505 [2022-02-20 17:59:43,521 INFO L226 Difference]: Without dead ends: 320 [2022-02-20 17:59:43,525 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 133 GetRequests, 127 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:59:43,528 INFO L933 BasicCegarLoop]: 481 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 481 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:43,529 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 481 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:43,544 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 320 states. [2022-02-20 17:59:43,571 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 320 to 320. [2022-02-20 17:59:43,571 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:43,573 INFO L82 GeneralOperation]: Start isEquivalent. First operand 320 states. 
Second operand has 320 states, 247 states have (on average 1.51417004048583) internal successors, (374), 250 states have internal predecessors, (374), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:59:43,576 INFO L74 IsIncluded]: Start isIncluded. First operand 320 states. Second operand has 320 states, 247 states have (on average 1.51417004048583) internal successors, (374), 250 states have internal predecessors, (374), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:59:43,577 INFO L87 Difference]: Start difference. First operand 320 states. Second operand has 320 states, 247 states have (on average 1.51417004048583) internal successors, (374), 250 states have internal predecessors, (374), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:59:43,596 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:43,596 INFO L93 Difference]: Finished difference Result 320 states and 473 transitions. [2022-02-20 17:59:43,597 INFO L276 IsEmpty]: Start isEmpty. Operand 320 states and 473 transitions. [2022-02-20 17:59:43,598 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:43,599 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:43,600 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 320 states, 247 states have (on average 1.51417004048583) internal successors, (374), 250 states have internal predecessors, (374), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 320 states. [2022-02-20 17:59:43,601 INFO L87 Difference]: Start difference. First operand has 320 states, 247 states have (on average 1.51417004048583) internal successors, (374), 250 states have internal predecessors, (374), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 320 states. [2022-02-20 17:59:43,618 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:43,619 INFO L93 Difference]: Finished difference Result 320 states and 473 transitions. [2022-02-20 17:59:43,619 INFO L276 IsEmpty]: Start isEmpty. Operand 320 states and 473 transitions. [2022-02-20 17:59:43,620 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:43,620 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:43,620 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:43,621 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:43,622 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 320 states, 247 states have (on average 1.51417004048583) internal successors, (374), 250 states have internal predecessors, (374), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:59:43,638 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 320 states to 320 states and 473 transitions. [2022-02-20 17:59:43,639 INFO L78 Accepts]: Start accepts. Automaton has 320 states and 473 transitions. Word has length 104 [2022-02-20 17:59:43,640 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:43,640 INFO L470 AbstractCegarLoop]: Abstraction has 320 states and 473 transitions. [2022-02-20 17:59:43,640 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:43,641 INFO L276 IsEmpty]: Start isEmpty. Operand 320 states and 473 transitions. [2022-02-20 17:59:43,643 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 106 [2022-02-20 17:59:43,643 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:43,643 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:43,670 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:43,868 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:59:43,868 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === 
[2022-02-20 17:59:43,869 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:43,869 INFO L85 PathProgramCache]: Analyzing trace with hash 598678511, now seen corresponding path program 1 times [2022-02-20 17:59:43,869 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:43,869 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1199456250] [2022-02-20 17:59:43,869 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:43,869 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:43,912 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:43,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:43,953 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:43,956 INFO L290 TraceCheckUtils]: 0: Hoare triple {2538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:43,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:43,957 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:43,957 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2482#true} #958#return; {2482#true} is VALID [2022-02-20 17:59:43,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:43,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:43,969 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {2539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:43,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:43,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:43,970 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2482#true} #960#return; {2482#true} is VALID [2022-02-20 17:59:43,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:43,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:43,987 INFO L290 TraceCheckUtils]: 0: Hoare triple {2538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2540#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:43,988 INFO L290 TraceCheckUtils]: 1: Hoare triple {2540#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:43,988 INFO L290 TraceCheckUtils]: 2: Hoare triple {2541#(= |setClientId_#in~handle| 1)} assume true; {2541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:43,989 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2541#(= |setClientId_#in~handle| 1)} {2492#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #962#return; {2483#false} is VALID [2022-02-20 17:59:43,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 24 [2022-02-20 17:59:43,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:43,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {2539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:43,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:43,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:43,994 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2483#false} #964#return; {2483#false} is VALID [2022-02-20 17:59:43,995 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:43,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:44,000 INFO L290 TraceCheckUtils]: 0: Hoare triple {2538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,000 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,000 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,000 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2483#false} #966#return; {2483#false} is VALID [2022-02-20 17:59:44,001 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:44,003 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:44,005 INFO L290 TraceCheckUtils]: 0: Hoare triple {2539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,005 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,006 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,006 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2483#false} #968#return; {2483#false} is VALID [2022-02-20 17:59:44,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:59:44,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:44,017 INFO L290 TraceCheckUtils]: 0: Hoare triple {2542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,018 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,018 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2483#false} #946#return; {2483#false} is VALID [2022-02-20 17:59:44,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:59:44,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:44,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {2482#true} ~handle := #in~handle;havoc 
~retValue_acc~28; {2482#true} is VALID [2022-02-20 17:59:44,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {2482#true} is VALID [2022-02-20 17:59:44,022 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,022 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2483#false} #904#return; {2483#false} is VALID [2022-02-20 17:59:44,022 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:44,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:44,026 INFO L290 TraceCheckUtils]: 0: Hoare triple {2482#true} ~handle := #in~handle;havoc ~retValue_acc~11; {2482#true} is VALID [2022-02-20 17:59:44,026 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {2482#true} is VALID [2022-02-20 17:59:44,026 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,026 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2483#false} #906#return; {2483#false} is VALID [2022-02-20 17:59:44,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:59:44,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:44,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {2482#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {2482#true} is VALID [2022-02-20 17:59:44,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle; {2482#true} is VALID [2022-02-20 17:59:44,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; 
{2482#true} is VALID [2022-02-20 17:59:44,031 INFO L290 TraceCheckUtils]: 3: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,031 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2482#true} {2483#false} #908#return; {2483#false} is VALID [2022-02-20 17:59:44,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:59:44,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:44,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {2542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2483#false} #914#return; {2483#false} is VALID [2022-02-20 17:59:44,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:59:44,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:44,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {2482#true} ~handle := #in~handle;havoc ~retValue_acc~16; {2482#true} is VALID [2022-02-20 17:59:44,039 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {2482#true} is VALID [2022-02-20 17:59:44,039 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,039 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2483#false} #916#return; {2483#false} is VALID [2022-02-20 17:59:44,039 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 97 [2022-02-20 17:59:44,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:44,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {2482#true} ~handle := #in~handle;havoc ~retValue_acc~28; {2482#true} is VALID [2022-02-20 17:59:44,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {2482#true} is VALID [2022-02-20 17:59:44,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2482#true} {2483#false} #918#return; {2483#false} is VALID [2022-02-20 17:59:44,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {2482#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call 
write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 
0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 
0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {2482#true} is VALID [2022-02-20 17:59:44,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {2482#true} is VALID [2022-02-20 17:59:44,044 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2482#true} is VALID [2022-02-20 17:59:44,044 INFO L290 TraceCheckUtils]: 3: Hoare triple {2482#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {2482#true} is VALID [2022-02-20 17:59:44,044 INFO L290 TraceCheckUtils]: 4: Hoare triple {2482#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {2482#true} is VALID [2022-02-20 17:59:44,044 INFO L290 TraceCheckUtils]: 5: Hoare triple {2482#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, 
setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2482#true} is VALID [2022-02-20 17:59:44,045 INFO L272 TraceCheckUtils]: 6: Hoare triple {2482#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:44,045 INFO L290 TraceCheckUtils]: 7: Hoare triple {2538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,045 INFO L290 TraceCheckUtils]: 8: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,046 INFO L290 TraceCheckUtils]: 9: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,046 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2482#true} {2482#true} #958#return; {2482#true} is VALID [2022-02-20 17:59:44,046 INFO L290 
TraceCheckUtils]: 11: Hoare triple {2482#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2482#true} is VALID [2022-02-20 17:59:44,060 INFO L272 TraceCheckUtils]: 12: Hoare triple {2482#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:44,060 INFO L290 TraceCheckUtils]: 13: Hoare triple {2539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,060 INFO L290 TraceCheckUtils]: 14: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,060 INFO L290 TraceCheckUtils]: 15: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,060 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2482#true} {2482#true} #960#return; {2482#true} is VALID [2022-02-20 17:59:44,061 INFO L290 TraceCheckUtils]: 17: Hoare triple {2482#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2492#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:44,062 INFO L272 TraceCheckUtils]: 18: Hoare triple 
{2492#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:44,062 INFO L290 TraceCheckUtils]: 19: Hoare triple {2538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2540#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:44,063 INFO L290 TraceCheckUtils]: 20: Hoare triple {2540#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:44,063 INFO L290 TraceCheckUtils]: 21: Hoare triple {2541#(= |setClientId_#in~handle| 1)} assume true; {2541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:44,064 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2541#(= |setClientId_#in~handle| 1)} {2492#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #962#return; {2483#false} is VALID [2022-02-20 17:59:44,064 INFO L290 TraceCheckUtils]: 23: Hoare triple {2483#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2483#false} is VALID [2022-02-20 17:59:44,064 INFO L272 TraceCheckUtils]: 24: Hoare triple {2483#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:44,064 INFO L290 TraceCheckUtils]: 25: Hoare triple {2539#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,064 INFO L290 TraceCheckUtils]: 26: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,064 INFO L290 TraceCheckUtils]: 27: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,064 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2482#true} {2483#false} #964#return; {2483#false} is VALID [2022-02-20 17:59:44,064 INFO L290 TraceCheckUtils]: 29: Hoare triple {2483#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2483#false} is VALID [2022-02-20 17:59:44,065 INFO L272 TraceCheckUtils]: 30: Hoare triple {2483#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:44,065 INFO L290 TraceCheckUtils]: 31: Hoare triple {2538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,065 INFO L290 TraceCheckUtils]: 32: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,065 INFO L290 TraceCheckUtils]: 33: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,065 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2482#true} {2483#false} #966#return; {2483#false} is VALID [2022-02-20 17:59:44,065 INFO L290 TraceCheckUtils]: 35: Hoare triple {2483#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2483#false} is VALID [2022-02-20 17:59:44,065 INFO L272 TraceCheckUtils]: 36: Hoare triple {2483#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:44,065 INFO L290 TraceCheckUtils]: 37: Hoare triple {2539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,066 INFO L290 TraceCheckUtils]: 38: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,066 INFO L290 TraceCheckUtils]: 39: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,066 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2482#true} {2483#false} #968#return; {2483#false} is VALID [2022-02-20 17:59:44,066 INFO L290 TraceCheckUtils]: 41: Hoare triple {2483#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, 
setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {2483#false} is VALID [2022-02-20 17:59:44,066 INFO L290 TraceCheckUtils]: 42: Hoare triple {2483#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2483#false} is VALID [2022-02-20 17:59:44,066 INFO L290 TraceCheckUtils]: 43: Hoare triple {2483#false} assume !false; {2483#false} is VALID [2022-02-20 17:59:44,066 INFO L290 TraceCheckUtils]: 44: Hoare triple {2483#false} assume !(test_~splverifierCounter~0#1 < 4); {2483#false} is VALID [2022-02-20 17:59:44,066 INFO L290 TraceCheckUtils]: 45: Hoare triple 
{2483#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {2483#false} is VALID [2022-02-20 17:59:44,067 INFO L272 TraceCheckUtils]: 46: Hoare triple {2483#false} call sendEmail(~bob~0, ~rjh~0); {2483#false} is VALID [2022-02-20 17:59:44,067 INFO L290 TraceCheckUtils]: 47: Hoare triple {2483#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2483#false} is VALID [2022-02-20 17:59:44,067 INFO L272 TraceCheckUtils]: 48: Hoare triple {2483#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:44,067 INFO L290 TraceCheckUtils]: 49: Hoare triple {2542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,067 INFO L290 TraceCheckUtils]: 50: Hoare triple {2482#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,067 INFO L290 TraceCheckUtils]: 51: Hoare triple {2482#true} assume true; {2482#true} is VALID 
[2022-02-20 17:59:44,067 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2482#true} {2483#false} #946#return; {2483#false} is VALID [2022-02-20 17:59:44,067 INFO L290 TraceCheckUtils]: 53: Hoare triple {2483#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {2483#false} is VALID [2022-02-20 17:59:44,068 INFO L290 TraceCheckUtils]: 54: Hoare triple {2483#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {2483#false} is VALID [2022-02-20 17:59:44,068 INFO L290 TraceCheckUtils]: 55: Hoare triple {2483#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {2483#false} is VALID [2022-02-20 17:59:44,068 INFO L290 TraceCheckUtils]: 56: Hoare triple {2483#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {2483#false} is VALID [2022-02-20 17:59:44,068 INFO L272 TraceCheckUtils]: 57: Hoare triple {2483#false} call outgoing(~sender#1, ~email~0#1); {2483#false} is VALID [2022-02-20 17:59:44,068 INFO L290 TraceCheckUtils]: 58: Hoare triple {2483#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {2483#false} is VALID [2022-02-20 17:59:44,068 INFO L272 TraceCheckUtils]: 59: Hoare triple {2483#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {2482#true} is VALID 
[2022-02-20 17:59:44,068 INFO L290 TraceCheckUtils]: 60: Hoare triple {2482#true} ~handle := #in~handle;havoc ~retValue_acc~28; {2482#true} is VALID [2022-02-20 17:59:44,068 INFO L290 TraceCheckUtils]: 61: Hoare triple {2482#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {2482#true} is VALID [2022-02-20 17:59:44,068 INFO L290 TraceCheckUtils]: 62: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,069 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {2482#true} {2483#false} #904#return; {2483#false} is VALID [2022-02-20 17:59:44,069 INFO L290 TraceCheckUtils]: 64: Hoare triple {2483#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {2483#false} is VALID [2022-02-20 17:59:44,069 INFO L290 TraceCheckUtils]: 65: Hoare triple {2483#false} assume 0 == sign_~privkey~1#1; {2483#false} is VALID [2022-02-20 17:59:44,069 INFO L290 TraceCheckUtils]: 66: Hoare triple {2483#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {2483#false} is VALID [2022-02-20 17:59:44,069 INFO L272 TraceCheckUtils]: 67: 
Hoare triple {2483#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {2482#true} is VALID [2022-02-20 17:59:44,069 INFO L290 TraceCheckUtils]: 68: Hoare triple {2482#true} ~handle := #in~handle;havoc ~retValue_acc~11; {2482#true} is VALID [2022-02-20 17:59:44,069 INFO L290 TraceCheckUtils]: 69: Hoare triple {2482#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {2482#true} is VALID [2022-02-20 17:59:44,069 INFO L290 TraceCheckUtils]: 70: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,070 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {2482#true} {2483#false} #906#return; {2483#false} is VALID [2022-02-20 17:59:44,070 INFO L290 TraceCheckUtils]: 72: Hoare triple {2483#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {2483#false} is VALID [2022-02-20 17:59:44,070 INFO L272 TraceCheckUtils]: 73: Hoare triple {2483#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {2482#true} is VALID [2022-02-20 17:59:44,070 INFO L290 TraceCheckUtils]: 74: Hoare triple {2482#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {2482#true} is VALID [2022-02-20 17:59:44,070 INFO L290 TraceCheckUtils]: 75: Hoare triple {2482#true} assume 1 == ~handle; {2482#true} is VALID [2022-02-20 17:59:44,070 INFO L290 TraceCheckUtils]: 76: Hoare triple {2482#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {2482#true} is VALID [2022-02-20 17:59:44,071 INFO L290 TraceCheckUtils]: 77: Hoare triple {2482#true} 
assume true; {2482#true} is VALID [2022-02-20 17:59:44,071 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {2482#true} {2483#false} #908#return; {2483#false} is VALID [2022-02-20 17:59:44,071 INFO L290 TraceCheckUtils]: 79: Hoare triple {2483#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {2483#false} is VALID [2022-02-20 17:59:44,071 INFO L290 TraceCheckUtils]: 80: Hoare triple {2483#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {2483#false} is VALID [2022-02-20 17:59:44,071 INFO L290 TraceCheckUtils]: 81: Hoare triple {2483#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {2483#false} is VALID [2022-02-20 17:59:44,071 INFO L290 TraceCheckUtils]: 82: Hoare triple {2483#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {2483#false} is VALID [2022-02-20 17:59:44,072 INFO L290 TraceCheckUtils]: 83: Hoare triple {2483#false} 
outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {2483#false} is VALID [2022-02-20 17:59:44,072 INFO L272 TraceCheckUtils]: 84: Hoare triple {2483#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {2542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:44,072 INFO L290 TraceCheckUtils]: 85: Hoare triple {2542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,072 INFO L290 TraceCheckUtils]: 86: Hoare triple {2482#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,072 INFO L290 TraceCheckUtils]: 87: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,072 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2482#true} {2483#false} #914#return; {2483#false} is VALID [2022-02-20 17:59:44,073 INFO L290 TraceCheckUtils]: 89: Hoare triple {2483#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, 
__utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {2483#false} is VALID [2022-02-20 17:59:44,073 INFO L272 TraceCheckUtils]: 90: Hoare triple {2483#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {2482#true} is VALID [2022-02-20 17:59:44,073 INFO L290 TraceCheckUtils]: 91: Hoare triple {2482#true} ~handle := #in~handle;havoc ~retValue_acc~16; {2482#true} is VALID [2022-02-20 17:59:44,073 INFO L290 TraceCheckUtils]: 92: Hoare triple {2482#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {2482#true} is VALID [2022-02-20 17:59:44,073 INFO L290 TraceCheckUtils]: 93: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,073 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {2482#true} {2483#false} #916#return; {2483#false} is VALID [2022-02-20 17:59:44,074 INFO L290 TraceCheckUtils]: 95: Hoare triple {2483#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := 
__utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {2483#false} is VALID [2022-02-20 17:59:44,074 INFO L290 TraceCheckUtils]: 96: Hoare triple {2483#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {2483#false} is VALID [2022-02-20 17:59:44,074 INFO L272 TraceCheckUtils]: 97: Hoare triple {2483#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {2482#true} is VALID [2022-02-20 17:59:44,074 INFO L290 TraceCheckUtils]: 98: Hoare triple {2482#true} ~handle := #in~handle;havoc ~retValue_acc~28; {2482#true} is VALID [2022-02-20 17:59:44,074 INFO L290 TraceCheckUtils]: 99: Hoare triple {2482#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {2482#true} is VALID [2022-02-20 17:59:44,074 INFO L290 TraceCheckUtils]: 100: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,075 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {2482#true} {2483#false} #918#return; {2483#false} is VALID [2022-02-20 17:59:44,075 INFO L290 TraceCheckUtils]: 102: Hoare triple {2483#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {2483#false} is VALID [2022-02-20 17:59:44,075 INFO L290 TraceCheckUtils]: 103: Hoare triple {2483#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {2483#false} is VALID [2022-02-20 17:59:44,091 INFO L290 TraceCheckUtils]: 104: Hoare triple {2483#false} assume !false; {2483#false} is VALID [2022-02-20 17:59:44,092 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. 
[2022-02-20 17:59:44,092 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:44,092 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1199456250]
[2022-02-20 17:59:44,092 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1199456250] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:59:44,093 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [804685436]
[2022-02-20 17:59:44,093 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:44,093 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:59:44,093 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:59:44,094 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:59:44,102 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process
[2022-02-20 17:59:44,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:44,393 INFO L263 TraceCheckSpWp]: Trace formula consists of 1017 conjuncts, 2 conjunts are in the unsatisfiable core
[2022-02-20 17:59:44,453 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:44,455 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:59:44,712 INFO L290 TraceCheckUtils]: 0: Hoare triple {2482#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 
:= 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {2482#true} is VALID [2022-02-20 17:59:44,712 INFO L290 TraceCheckUtils]: 1: Hoare triple {2482#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && 
main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {2482#true} is VALID [2022-02-20 17:59:44,713 INFO L290 TraceCheckUtils]: 2: Hoare triple {2482#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2482#true} is VALID [2022-02-20 17:59:44,713 INFO L290 TraceCheckUtils]: 3: Hoare triple {2482#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {2482#true} is VALID [2022-02-20 17:59:44,713 INFO L290 TraceCheckUtils]: 4: Hoare triple {2482#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {2482#true} is VALID [2022-02-20 17:59:44,713 INFO L290 TraceCheckUtils]: 5: Hoare triple {2482#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2482#true} is VALID [2022-02-20 17:59:44,713 INFO L272 TraceCheckUtils]: 6: Hoare triple {2482#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2482#true} is VALID [2022-02-20 17:59:44,713 INFO L290 TraceCheckUtils]: 7: Hoare triple {2482#true} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,714 INFO L290 TraceCheckUtils]: 8: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,714 INFO L290 TraceCheckUtils]: 9: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,714 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2482#true} {2482#true} #958#return; {2482#true} is VALID [2022-02-20 17:59:44,714 INFO L290 TraceCheckUtils]: 11: Hoare triple {2482#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2482#true} is VALID [2022-02-20 17:59:44,714 INFO L272 TraceCheckUtils]: 12: Hoare triple {2482#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2482#true} is VALID [2022-02-20 17:59:44,715 INFO L290 TraceCheckUtils]: 13: Hoare triple {2482#true} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,715 INFO L290 TraceCheckUtils]: 14: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,715 INFO L290 TraceCheckUtils]: 15: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,715 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2482#true} {2482#true} #960#return; {2482#true} is VALID [2022-02-20 17:59:44,715 INFO L290 TraceCheckUtils]: 17: Hoare triple {2482#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2482#true} is VALID [2022-02-20 17:59:44,715 INFO L272 TraceCheckUtils]: 18: Hoare triple {2482#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2482#true} is VALID [2022-02-20 17:59:44,716 INFO L290 TraceCheckUtils]: 19: Hoare triple {2482#true} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,716 INFO L290 TraceCheckUtils]: 20: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,716 INFO L290 TraceCheckUtils]: 21: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,716 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2482#true} {2482#true} #962#return; {2482#true} is VALID [2022-02-20 17:59:44,716 INFO L290 TraceCheckUtils]: 23: Hoare triple {2482#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2482#true} is VALID [2022-02-20 17:59:44,716 INFO L272 TraceCheckUtils]: 24: Hoare triple {2482#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2482#true} is VALID [2022-02-20 17:59:44,717 INFO L290 TraceCheckUtils]: 25: Hoare triple {2482#true} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,717 INFO L290 TraceCheckUtils]: 26: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,717 INFO L290 TraceCheckUtils]: 27: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,717 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2482#true} {2482#true} #964#return; 
{2482#true} is VALID [2022-02-20 17:59:44,717 INFO L290 TraceCheckUtils]: 29: Hoare triple {2482#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2482#true} is VALID [2022-02-20 17:59:44,717 INFO L272 TraceCheckUtils]: 30: Hoare triple {2482#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2482#true} is VALID [2022-02-20 17:59:44,718 INFO L290 TraceCheckUtils]: 31: Hoare triple {2482#true} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,718 INFO L290 TraceCheckUtils]: 32: Hoare triple {2482#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,718 INFO L290 TraceCheckUtils]: 33: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,718 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2482#true} {2482#true} #966#return; {2482#true} is VALID [2022-02-20 17:59:44,718 INFO L290 TraceCheckUtils]: 35: Hoare triple {2482#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2482#true} is VALID [2022-02-20 17:59:44,718 INFO L272 TraceCheckUtils]: 36: Hoare triple {2482#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2482#true} is VALID [2022-02-20 17:59:44,719 INFO L290 TraceCheckUtils]: 37: Hoare triple {2482#true} ~handle := #in~handle;~value := #in~value; {2482#true} is VALID [2022-02-20 17:59:44,719 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{2482#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2482#true} is VALID [2022-02-20 17:59:44,719 INFO L290 TraceCheckUtils]: 39: Hoare triple {2482#true} assume true; {2482#true} is VALID [2022-02-20 17:59:44,719 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2482#true} {2482#true} #968#return; {2482#true} is VALID [2022-02-20 17:59:44,719 INFO L290 TraceCheckUtils]: 41: Hoare triple {2482#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {2482#true} is VALID [2022-02-20 17:59:44,720 INFO L290 TraceCheckUtils]: 42: Hoare triple {2482#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2672#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:44,720 INFO L290 TraceCheckUtils]: 43: Hoare triple {2672#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2672#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:44,721 INFO L290 TraceCheckUtils]: 44: Hoare triple {2672#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2483#false} is VALID [2022-02-20 17:59:44,721 INFO L290 TraceCheckUtils]: 45: Hoare triple {2483#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {2483#false} is VALID [2022-02-20 17:59:44,721 INFO L272 TraceCheckUtils]: 46: Hoare triple {2483#false} call sendEmail(~bob~0, ~rjh~0); {2483#false} is VALID [2022-02-20 17:59:44,721 INFO L290 TraceCheckUtils]: 47: Hoare triple {2483#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2483#false} is VALID [2022-02-20 17:59:44,721 INFO L272 TraceCheckUtils]: 48: Hoare triple {2483#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {2483#false} is VALID [2022-02-20 17:59:44,722 INFO L290 TraceCheckUtils]: 49: Hoare triple {2483#false} ~handle := #in~handle;~value := #in~value; {2483#false} is VALID [2022-02-20 17:59:44,722 INFO L290 TraceCheckUtils]: 50: Hoare triple {2483#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2483#false} is VALID [2022-02-20 17:59:44,722 INFO L290 TraceCheckUtils]: 51: Hoare triple {2483#false} assume true; {2483#false} is VALID [2022-02-20 17:59:44,722 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2483#false} {2483#false} #946#return; {2483#false} is VALID [2022-02-20 17:59:44,722 INFO L290 TraceCheckUtils]: 53: Hoare triple {2483#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {2483#false} is VALID [2022-02-20 17:59:44,722 INFO L290 TraceCheckUtils]: 54: Hoare triple {2483#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {2483#false} is VALID [2022-02-20 17:59:44,723 INFO L290 TraceCheckUtils]: 55: Hoare triple {2483#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {2483#false} is VALID [2022-02-20 17:59:44,723 INFO L290 TraceCheckUtils]: 56: Hoare triple {2483#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {2483#false} is VALID [2022-02-20 17:59:44,723 INFO L272 TraceCheckUtils]: 57: Hoare triple {2483#false} call outgoing(~sender#1, ~email~0#1); {2483#false} is VALID [2022-02-20 17:59:44,723 INFO L290 TraceCheckUtils]: 58: Hoare triple {2483#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { 
:begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {2483#false} is VALID [2022-02-20 17:59:44,723 INFO L272 TraceCheckUtils]: 59: Hoare triple {2483#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {2483#false} is VALID [2022-02-20 17:59:44,723 INFO L290 TraceCheckUtils]: 60: Hoare triple {2483#false} ~handle := #in~handle;havoc ~retValue_acc~28; {2483#false} is VALID [2022-02-20 17:59:44,724 INFO L290 TraceCheckUtils]: 61: Hoare triple {2483#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {2483#false} is VALID [2022-02-20 17:59:44,724 INFO L290 TraceCheckUtils]: 62: Hoare triple {2483#false} assume true; {2483#false} is VALID [2022-02-20 17:59:44,724 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {2483#false} {2483#false} #904#return; {2483#false} is VALID [2022-02-20 17:59:44,724 INFO L290 TraceCheckUtils]: 64: Hoare triple {2483#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {2483#false} is VALID [2022-02-20 17:59:44,724 INFO L290 TraceCheckUtils]: 65: Hoare triple {2483#false} assume 0 == sign_~privkey~1#1; {2483#false} is VALID [2022-02-20 17:59:44,724 INFO L290 TraceCheckUtils]: 66: Hoare triple {2483#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, 
outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {2483#false} is VALID [2022-02-20 17:59:44,725 INFO L272 TraceCheckUtils]: 67: Hoare triple {2483#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {2483#false} is VALID [2022-02-20 17:59:44,725 INFO L290 TraceCheckUtils]: 68: Hoare triple {2483#false} ~handle := #in~handle;havoc ~retValue_acc~11; {2483#false} is VALID [2022-02-20 17:59:44,725 INFO L290 TraceCheckUtils]: 69: Hoare triple {2483#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {2483#false} is VALID [2022-02-20 17:59:44,725 INFO L290 TraceCheckUtils]: 70: Hoare triple {2483#false} assume true; {2483#false} is VALID [2022-02-20 17:59:44,725 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {2483#false} {2483#false} #906#return; {2483#false} is VALID [2022-02-20 17:59:44,725 INFO L290 TraceCheckUtils]: 72: Hoare triple {2483#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {2483#false} is VALID [2022-02-20 17:59:44,726 INFO L272 TraceCheckUtils]: 73: Hoare triple {2483#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {2483#false} is VALID [2022-02-20 17:59:44,726 INFO L290 TraceCheckUtils]: 74: Hoare triple {2483#false} ~handle := 
#in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {2483#false} is VALID [2022-02-20 17:59:44,726 INFO L290 TraceCheckUtils]: 75: Hoare triple {2483#false} assume 1 == ~handle; {2483#false} is VALID [2022-02-20 17:59:44,726 INFO L290 TraceCheckUtils]: 76: Hoare triple {2483#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {2483#false} is VALID [2022-02-20 17:59:44,726 INFO L290 TraceCheckUtils]: 77: Hoare triple {2483#false} assume true; {2483#false} is VALID [2022-02-20 17:59:44,727 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {2483#false} {2483#false} #908#return; {2483#false} is VALID [2022-02-20 17:59:44,727 INFO L290 TraceCheckUtils]: 79: Hoare triple {2483#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {2483#false} is VALID [2022-02-20 17:59:44,727 INFO L290 TraceCheckUtils]: 80: Hoare triple {2483#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {2483#false} is VALID [2022-02-20 17:59:44,727 INFO L290 TraceCheckUtils]: 81: Hoare triple {2483#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc 
getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {2483#false} is VALID [2022-02-20 17:59:44,727 INFO L290 TraceCheckUtils]: 82: Hoare triple {2483#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {2483#false} is VALID [2022-02-20 17:59:44,728 INFO L290 TraceCheckUtils]: 83: Hoare triple {2483#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {2483#false} is VALID [2022-02-20 17:59:44,728 INFO L272 TraceCheckUtils]: 84: Hoare triple {2483#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {2483#false} is VALID [2022-02-20 17:59:44,728 INFO L290 TraceCheckUtils]: 85: Hoare triple {2483#false} ~handle := #in~handle;~value := #in~value; {2483#false} is VALID [2022-02-20 17:59:44,728 INFO L290 TraceCheckUtils]: 86: Hoare triple {2483#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2483#false} is VALID [2022-02-20 17:59:44,728 INFO L290 TraceCheckUtils]: 87: Hoare triple {2483#false} assume true; {2483#false} is VALID [2022-02-20 17:59:44,729 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2483#false} {2483#false} #914#return; {2483#false} is VALID [2022-02-20 17:59:44,729 INFO L290 TraceCheckUtils]: 89: Hoare triple {2483#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := 
mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {2483#false} is VALID [2022-02-20 17:59:44,729 INFO L272 TraceCheckUtils]: 90: Hoare triple {2483#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {2483#false} is VALID [2022-02-20 17:59:44,729 INFO L290 TraceCheckUtils]: 91: Hoare triple {2483#false} ~handle := #in~handle;havoc ~retValue_acc~16; {2483#false} is VALID [2022-02-20 17:59:44,729 INFO L290 TraceCheckUtils]: 92: Hoare triple {2483#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {2483#false} is VALID [2022-02-20 17:59:44,729 INFO L290 TraceCheckUtils]: 93: Hoare triple {2483#false} assume true; {2483#false} is VALID [2022-02-20 17:59:44,730 INFO L284 TraceCheckUtils]: 94: 
Hoare quadruple {2483#false} {2483#false} #916#return; {2483#false} is VALID [2022-02-20 17:59:44,730 INFO L290 TraceCheckUtils]: 95: Hoare triple {2483#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {2483#false} is VALID [2022-02-20 17:59:44,730 INFO L290 TraceCheckUtils]: 96: Hoare triple {2483#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {2483#false} is VALID [2022-02-20 17:59:44,730 INFO L272 TraceCheckUtils]: 97: Hoare triple {2483#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {2483#false} is VALID [2022-02-20 17:59:44,730 INFO L290 TraceCheckUtils]: 98: Hoare triple {2483#false} ~handle := #in~handle;havoc ~retValue_acc~28; {2483#false} is VALID [2022-02-20 17:59:44,731 INFO L290 TraceCheckUtils]: 99: Hoare triple {2483#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {2483#false} is VALID [2022-02-20 17:59:44,731 INFO L290 TraceCheckUtils]: 100: Hoare triple {2483#false} assume true; {2483#false} is VALID [2022-02-20 17:59:44,731 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {2483#false} {2483#false} #918#return; {2483#false} is VALID [2022-02-20 17:59:44,731 INFO L290 TraceCheckUtils]: 102: Hoare triple {2483#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {2483#false} is VALID [2022-02-20 17:59:44,731 INFO L290 TraceCheckUtils]: 103: Hoare triple {2483#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; 
{2483#false} is VALID [2022-02-20 17:59:44,731 INFO L290 TraceCheckUtils]: 104: Hoare triple {2483#false} assume !false; {2483#false} is VALID [2022-02-20 17:59:44,732 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:44,732 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:44,732 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [804685436] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:44,732 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:44,733 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 17:59:44,733 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1166623571] [2022-02-20 17:59:44,733 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:44,734 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 105 [2022-02-20 17:59:44,735 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:59:44,735 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:44,799 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:44,799 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:44,799 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:44,800 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:44,800 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:44,800 INFO L87 Difference]: Start difference. First operand 320 states and 473 transitions. Second operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:45,204 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:45,204 INFO L93 Difference]: Finished difference Result 495 states and 713 transitions. [2022-02-20 17:59:45,204 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:45,205 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 105 [2022-02-20 17:59:45,205 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:45,205 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:45,250 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 713 transitions. [2022-02-20 17:59:45,250 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:45,263 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 713 transitions. [2022-02-20 17:59:45,263 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 713 transitions. [2022-02-20 17:59:45,796 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 713 edges. 713 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:45,808 INFO L225 Difference]: With dead ends: 495 [2022-02-20 17:59:45,808 INFO L226 Difference]: Without dead ends: 323 [2022-02-20 17:59:45,809 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 134 GetRequests, 127 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:45,810 INFO L933 BasicCegarLoop]: 471 mSDtfsCounter, 1 mSDsluCounter, 469 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 940 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:45,810 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 940 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:45,811 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 323 states. [2022-02-20 17:59:45,837 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 323 to 322. [2022-02-20 17:59:45,837 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:45,838 INFO L82 GeneralOperation]: Start isEquivalent. First operand 323 states. 
Second operand has 322 states, 249 states have (on average 1.5100401606425702) internal successors, (376), 252 states have internal predecessors, (376), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:59:45,839 INFO L74 IsIncluded]: Start isIncluded. First operand 323 states. Second operand has 322 states, 249 states have (on average 1.5100401606425702) internal successors, (376), 252 states have internal predecessors, (376), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:59:45,840 INFO L87 Difference]: Start difference. First operand 323 states. Second operand has 322 states, 249 states have (on average 1.5100401606425702) internal successors, (376), 252 states have internal predecessors, (376), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:59:45,853 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:45,854 INFO L93 Difference]: Finished difference Result 323 states and 476 transitions. [2022-02-20 17:59:45,854 INFO L276 IsEmpty]: Start isEmpty. Operand 323 states and 476 transitions. [2022-02-20 17:59:45,855 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:45,855 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:45,856 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 322 states, 249 states have (on average 1.5100401606425702) internal successors, (376), 252 states have internal predecessors, (376), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 323 states. [2022-02-20 17:59:45,857 INFO L87 Difference]: Start difference. First operand has 322 states, 249 states have (on average 1.5100401606425702) internal successors, (376), 252 states have internal predecessors, (376), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 323 states. [2022-02-20 17:59:45,871 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:45,871 INFO L93 Difference]: Finished difference Result 323 states and 476 transitions. [2022-02-20 17:59:45,871 INFO L276 IsEmpty]: Start isEmpty. Operand 323 states and 476 transitions. [2022-02-20 17:59:45,873 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:45,873 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:45,873 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:45,873 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:45,874 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 322 states, 249 states have (on average 1.5100401606425702) internal successors, (376), 252 states have internal predecessors, (376), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:59:45,887 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 322 states to 322 states and 475 transitions. [2022-02-20 17:59:45,887 INFO L78 Accepts]: Start accepts. Automaton has 322 states and 475 transitions. Word has length 105 [2022-02-20 17:59:45,888 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:45,888 INFO L470 AbstractCegarLoop]: Abstraction has 322 states and 475 transitions. [2022-02-20 17:59:45,889 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:45,889 INFO L276 IsEmpty]: Start isEmpty. Operand 322 states and 475 transitions. [2022-02-20 17:59:45,896 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-02-20 17:59:45,896 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:45,897 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:45,914 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:46,099 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:59:46,100 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:46,100 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:46,100 INFO L85 PathProgramCache]: Analyzing trace with hash 120398534, now seen corresponding path program 1 times [2022-02-20 17:59:46,100 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:46,100 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1823168051] [2022-02-20 17:59:46,100 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:46,101 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:46,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,189 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:46,191 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {4687#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,194 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,194 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,194 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4631#true} #958#return; {4631#true} is VALID [2022-02-20 17:59:46,201 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:46,202 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 17:59:46,205 INFO L290 TraceCheckUtils]: 0: Hoare triple {4688#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,206 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,206 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,206 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4631#true} #960#return; {4631#true} is VALID [2022-02-20 17:59:46,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:46,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,228 INFO L290 TraceCheckUtils]: 0: Hoare triple {4687#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4689#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:46,229 INFO L290 TraceCheckUtils]: 1: Hoare triple {4689#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4690#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:46,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {4690#(= |setClientId_#in~handle| 1)} assume true; {4690#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:46,231 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4690#(= |setClientId_#in~handle| 1)} {4641#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #962#return; {4632#false} is VALID [2022-02-20 17:59:46,231 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:46,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {4688#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,236 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4632#false} #964#return; {4632#false} is VALID [2022-02-20 17:59:46,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:46,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {4687#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,244 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,245 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4632#false} #966#return; {4632#false} is VALID [2022-02-20 17:59:46,245 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 17:59:46,247 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {4688#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,250 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4632#false} #968#return; {4632#false} is VALID [2022-02-20 17:59:46,258 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 17:59:46,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,261 INFO L290 TraceCheckUtils]: 0: Hoare triple {4691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,262 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4632#false} #946#return; {4632#false} is VALID [2022-02-20 17:59:46,262 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:59:46,263 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,265 INFO L290 TraceCheckUtils]: 
0: Hoare triple {4631#true} ~handle := #in~handle;havoc ~retValue_acc~28; {4631#true} is VALID [2022-02-20 17:59:46,265 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {4631#true} is VALID [2022-02-20 17:59:46,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,266 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4632#false} #904#return; {4632#false} is VALID [2022-02-20 17:59:46,266 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:59:46,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,269 INFO L290 TraceCheckUtils]: 0: Hoare triple {4631#true} ~handle := #in~handle;havoc ~retValue_acc~11; {4631#true} is VALID [2022-02-20 17:59:46,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {4631#true} is VALID [2022-02-20 17:59:46,269 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,269 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4632#false} #906#return; {4632#false} is VALID [2022-02-20 17:59:46,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:59:46,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,273 INFO L290 TraceCheckUtils]: 0: Hoare triple {4631#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {4631#true} is VALID [2022-02-20 17:59:46,273 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle; {4631#true} is VALID [2022-02-20 17:59:46,273 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {4631#true} is VALID [2022-02-20 17:59:46,273 INFO L290 TraceCheckUtils]: 3: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,273 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {4631#true} {4632#false} #908#return; {4632#false} is VALID [2022-02-20 17:59:46,274 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:59:46,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,277 INFO L290 TraceCheckUtils]: 0: Hoare triple {4691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,277 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,277 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,277 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4632#false} #914#return; {4632#false} is VALID [2022-02-20 17:59:46,278 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:59:46,279 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,281 INFO L290 TraceCheckUtils]: 0: Hoare triple {4631#true} ~handle := #in~handle;havoc ~retValue_acc~16; {4631#true} is VALID [2022-02-20 17:59:46,281 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {4631#true} is VALID [2022-02-20 17:59:46,281 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,281 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4632#false} #916#return; {4632#false} is VALID 
[2022-02-20 17:59:46,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:59:46,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {4631#true} ~handle := #in~handle;havoc ~retValue_acc~28; {4631#true} is VALID [2022-02-20 17:59:46,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {4631#true} is VALID [2022-02-20 17:59:46,285 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,285 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4631#true} {4632#false} #918#return; {4632#false} is VALID [2022-02-20 17:59:46,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {4631#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call 
write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset 
:= 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {4631#true} is VALID [2022-02-20 17:59:46,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {4631#true} is VALID [2022-02-20 17:59:46,285 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4631#true} is VALID [2022-02-20 17:59:46,286 INFO L290 TraceCheckUtils]: 3: Hoare triple {4631#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {4631#true} is VALID [2022-02-20 17:59:46,286 INFO L290 TraceCheckUtils]: 4: Hoare triple {4631#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {4631#true} is VALID [2022-02-20 17:59:46,286 INFO L290 TraceCheckUtils]: 5: Hoare triple {4631#true} assume 0 != 
main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4631#true} is VALID [2022-02-20 17:59:46,287 INFO L272 TraceCheckUtils]: 6: Hoare triple {4631#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4687#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:46,287 INFO L290 TraceCheckUtils]: 7: Hoare triple {4687#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,287 INFO L290 TraceCheckUtils]: 8: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,287 INFO L290 TraceCheckUtils]: 9: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,288 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4631#true} 
{4631#true} #958#return; {4631#true} is VALID [2022-02-20 17:59:46,288 INFO L290 TraceCheckUtils]: 11: Hoare triple {4631#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4631#true} is VALID [2022-02-20 17:59:46,288 INFO L272 TraceCheckUtils]: 12: Hoare triple {4631#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4688#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:46,289 INFO L290 TraceCheckUtils]: 13: Hoare triple {4688#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,289 INFO L290 TraceCheckUtils]: 14: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,289 INFO L290 TraceCheckUtils]: 15: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,289 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4631#true} {4631#true} #960#return; {4631#true} is VALID [2022-02-20 17:59:46,290 INFO L290 TraceCheckUtils]: 17: Hoare triple {4631#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4641#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is 
VALID [2022-02-20 17:59:46,290 INFO L272 TraceCheckUtils]: 18: Hoare triple {4641#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4687#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:46,291 INFO L290 TraceCheckUtils]: 19: Hoare triple {4687#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4689#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:46,291 INFO L290 TraceCheckUtils]: 20: Hoare triple {4689#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4690#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:46,292 INFO L290 TraceCheckUtils]: 21: Hoare triple {4690#(= |setClientId_#in~handle| 1)} assume true; {4690#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:46,292 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4690#(= |setClientId_#in~handle| 1)} {4641#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #962#return; {4632#false} is VALID [2022-02-20 17:59:46,292 INFO L290 TraceCheckUtils]: 23: Hoare triple {4632#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4632#false} is VALID [2022-02-20 17:59:46,293 INFO L272 TraceCheckUtils]: 24: Hoare triple {4632#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4688#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:46,293 INFO 
L290 TraceCheckUtils]: 25: Hoare triple {4688#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,293 INFO L290 TraceCheckUtils]: 26: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,293 INFO L290 TraceCheckUtils]: 27: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,293 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4631#true} {4632#false} #964#return; {4632#false} is VALID [2022-02-20 17:59:46,293 INFO L290 TraceCheckUtils]: 29: Hoare triple {4632#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4632#false} is VALID [2022-02-20 17:59:46,294 INFO L272 TraceCheckUtils]: 30: Hoare triple {4632#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4687#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:46,294 INFO L290 TraceCheckUtils]: 31: Hoare triple {4687#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,294 INFO L290 TraceCheckUtils]: 32: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,294 INFO L290 TraceCheckUtils]: 33: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,294 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4631#true} {4632#false} #966#return; {4632#false} is VALID [2022-02-20 17:59:46,294 INFO L290 TraceCheckUtils]: 35: Hoare triple {4632#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4632#false} is VALID [2022-02-20 17:59:46,295 INFO L272 TraceCheckUtils]: 36: Hoare triple {4632#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4688#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:46,295 INFO L290 TraceCheckUtils]: 37: Hoare triple {4688#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,295 INFO L290 TraceCheckUtils]: 38: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,295 INFO L290 TraceCheckUtils]: 39: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,295 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4631#true} {4632#false} #968#return; {4632#false} is VALID [2022-02-20 17:59:46,295 INFO L290 TraceCheckUtils]: 41: Hoare triple {4632#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {4632#false} is VALID [2022-02-20 17:59:46,296 INFO L290 TraceCheckUtils]: 42: Hoare triple {4632#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4632#false} is VALID [2022-02-20 17:59:46,296 INFO L290 TraceCheckUtils]: 43: Hoare triple {4632#false} assume !false; {4632#false} is VALID [2022-02-20 17:59:46,296 INFO L290 TraceCheckUtils]: 44: Hoare triple {4632#false} assume test_~splverifierCounter~0#1 < 4; {4632#false} is VALID [2022-02-20 17:59:46,296 INFO L290 
TraceCheckUtils]: 45: Hoare triple {4632#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4632#false} is VALID [2022-02-20 17:59:46,296 INFO L290 TraceCheckUtils]: 46: Hoare triple {4632#false} assume !(0 == test_~op1~0#1); {4632#false} is VALID [2022-02-20 17:59:46,296 INFO L290 TraceCheckUtils]: 47: Hoare triple {4632#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {4632#false} is VALID [2022-02-20 17:59:46,297 INFO L290 TraceCheckUtils]: 48: Hoare triple {4632#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4632#false} is VALID [2022-02-20 17:59:46,297 INFO L290 TraceCheckUtils]: 49: Hoare triple {4632#false} assume !false; {4632#false} is VALID [2022-02-20 17:59:46,300 INFO L290 TraceCheckUtils]: 50: Hoare triple {4632#false} assume !(test_~splverifierCounter~0#1 < 4); {4632#false} is VALID [2022-02-20 17:59:46,302 INFO L290 TraceCheckUtils]: 51: Hoare triple {4632#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {4632#false} is VALID [2022-02-20 17:59:46,302 INFO L272 TraceCheckUtils]: 52: Hoare triple {4632#false} call sendEmail(~bob~0, ~rjh~0); {4632#false} is VALID [2022-02-20 17:59:46,302 INFO L290 TraceCheckUtils]: 53: Hoare triple {4632#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4632#false} is VALID [2022-02-20 17:59:46,303 INFO L272 TraceCheckUtils]: 54: Hoare triple {4632#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:46,303 INFO L290 TraceCheckUtils]: 55: Hoare triple {4691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,303 INFO L290 TraceCheckUtils]: 56: Hoare triple {4631#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,303 INFO L290 TraceCheckUtils]: 57: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,303 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4631#true} {4632#false} #946#return; {4632#false} is VALID [2022-02-20 17:59:46,303 INFO L290 TraceCheckUtils]: 59: Hoare triple {4632#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {4632#false} is VALID [2022-02-20 17:59:46,306 INFO L290 TraceCheckUtils]: 60: Hoare triple {4632#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {4632#false} is VALID [2022-02-20 17:59:46,307 INFO L290 TraceCheckUtils]: 61: Hoare triple {4632#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {4632#false} is VALID 
[2022-02-20 17:59:46,307 INFO L290 TraceCheckUtils]: 62: Hoare triple {4632#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {4632#false} is VALID [2022-02-20 17:59:46,307 INFO L272 TraceCheckUtils]: 63: Hoare triple {4632#false} call outgoing(~sender#1, ~email~0#1); {4632#false} is VALID [2022-02-20 17:59:46,307 INFO L290 TraceCheckUtils]: 64: Hoare triple {4632#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {4632#false} is VALID [2022-02-20 17:59:46,307 INFO L272 TraceCheckUtils]: 65: Hoare triple {4632#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {4631#true} is VALID [2022-02-20 17:59:46,307 INFO L290 TraceCheckUtils]: 66: Hoare triple {4631#true} ~handle := #in~handle;havoc ~retValue_acc~28; {4631#true} is VALID [2022-02-20 17:59:46,307 INFO L290 TraceCheckUtils]: 67: Hoare triple {4631#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {4631#true} is VALID [2022-02-20 17:59:46,307 INFO L290 TraceCheckUtils]: 68: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,308 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4631#true} {4632#false} #904#return; {4632#false} is VALID [2022-02-20 17:59:46,308 INFO L290 TraceCheckUtils]: 70: Hoare triple {4632#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {4632#false} is VALID [2022-02-20 17:59:46,308 INFO L290 TraceCheckUtils]: 71: Hoare triple {4632#false} assume 
0 == sign_~privkey~1#1; {4632#false} is VALID [2022-02-20 17:59:46,308 INFO L290 TraceCheckUtils]: 72: Hoare triple {4632#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {4632#false} is VALID [2022-02-20 17:59:46,308 INFO L272 TraceCheckUtils]: 73: Hoare triple {4632#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {4631#true} is VALID [2022-02-20 17:59:46,308 INFO L290 TraceCheckUtils]: 74: Hoare triple {4631#true} ~handle := #in~handle;havoc ~retValue_acc~11; {4631#true} is VALID [2022-02-20 17:59:46,308 INFO L290 TraceCheckUtils]: 75: Hoare triple {4631#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {4631#true} is VALID [2022-02-20 17:59:46,308 INFO L290 TraceCheckUtils]: 76: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,308 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {4631#true} {4632#false} #906#return; {4632#false} is VALID [2022-02-20 17:59:46,309 INFO L290 TraceCheckUtils]: 78: Hoare triple {4632#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 
2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {4632#false} is VALID [2022-02-20 17:59:46,309 INFO L272 TraceCheckUtils]: 79: Hoare triple {4632#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {4631#true} is VALID [2022-02-20 17:59:46,309 INFO L290 TraceCheckUtils]: 80: Hoare triple {4631#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {4631#true} is VALID [2022-02-20 17:59:46,309 INFO L290 TraceCheckUtils]: 81: Hoare triple {4631#true} assume 1 == ~handle; {4631#true} is VALID [2022-02-20 17:59:46,309 INFO L290 TraceCheckUtils]: 82: Hoare triple {4631#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {4631#true} is VALID [2022-02-20 17:59:46,309 INFO L290 TraceCheckUtils]: 83: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,312 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {4631#true} {4632#false} #908#return; {4632#false} is VALID [2022-02-20 17:59:46,312 INFO L290 TraceCheckUtils]: 85: Hoare triple {4632#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {4632#false} is VALID [2022-02-20 17:59:46,312 INFO L290 TraceCheckUtils]: 86: Hoare triple {4632#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {4632#false} is VALID [2022-02-20 17:59:46,312 INFO L290 TraceCheckUtils]: 87: Hoare triple {4632#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {4632#false} is VALID [2022-02-20 17:59:46,312 INFO L290 TraceCheckUtils]: 88: Hoare triple {4632#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {4632#false} is VALID [2022-02-20 17:59:46,312 INFO L290 TraceCheckUtils]: 89: Hoare triple {4632#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {4632#false} is VALID [2022-02-20 17:59:46,312 INFO L272 TraceCheckUtils]: 90: Hoare triple {4632#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {4691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:46,312 INFO L290 TraceCheckUtils]: 91: Hoare triple {4691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID 
[2022-02-20 17:59:46,312 INFO L290 TraceCheckUtils]: 92: Hoare triple {4631#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,313 INFO L290 TraceCheckUtils]: 93: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,313 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {4631#true} {4632#false} #914#return; {4632#false} is VALID [2022-02-20 17:59:46,313 INFO L290 TraceCheckUtils]: 95: Hoare triple {4632#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc 
__utac_acc__SignForward_spec__1_#t~ret80#1; {4632#false} is VALID [2022-02-20 17:59:46,313 INFO L272 TraceCheckUtils]: 96: Hoare triple {4632#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {4631#true} is VALID [2022-02-20 17:59:46,313 INFO L290 TraceCheckUtils]: 97: Hoare triple {4631#true} ~handle := #in~handle;havoc ~retValue_acc~16; {4631#true} is VALID [2022-02-20 17:59:46,313 INFO L290 TraceCheckUtils]: 98: Hoare triple {4631#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {4631#true} is VALID [2022-02-20 17:59:46,313 INFO L290 TraceCheckUtils]: 99: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,313 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {4631#true} {4632#false} #916#return; {4632#false} is VALID [2022-02-20 17:59:46,313 INFO L290 TraceCheckUtils]: 101: Hoare triple {4632#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {4632#false} is VALID [2022-02-20 17:59:46,314 INFO L290 TraceCheckUtils]: 102: Hoare triple {4632#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {4632#false} is VALID [2022-02-20 17:59:46,314 INFO L272 TraceCheckUtils]: 103: Hoare triple {4632#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {4631#true} is VALID [2022-02-20 17:59:46,314 INFO L290 TraceCheckUtils]: 104: Hoare triple {4631#true} ~handle := #in~handle;havoc ~retValue_acc~28; {4631#true} is VALID [2022-02-20 17:59:46,314 INFO L290 TraceCheckUtils]: 105: Hoare triple {4631#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {4631#true} is VALID [2022-02-20 17:59:46,314 INFO 
L290 TraceCheckUtils]: 106: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,314 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {4631#true} {4632#false} #918#return; {4632#false} is VALID [2022-02-20 17:59:46,314 INFO L290 TraceCheckUtils]: 108: Hoare triple {4632#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {4632#false} is VALID [2022-02-20 17:59:46,314 INFO L290 TraceCheckUtils]: 109: Hoare triple {4632#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {4632#false} is VALID [2022-02-20 17:59:46,314 INFO L290 TraceCheckUtils]: 110: Hoare triple {4632#false} assume !false; {4632#false} is VALID [2022-02-20 17:59:46,315 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 17:59:46,315 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:46,315 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1823168051] [2022-02-20 17:59:46,317 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1823168051] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:46,317 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [40453804] [2022-02-20 17:59:46,317 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:46,317 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:46,317 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:46,319 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:46,321 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:59:46,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,570 INFO L263 TraceCheckSpWp]: Trace formula consists of 1031 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:59:46,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:46,613 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:59:46,882 INFO L290 TraceCheckUtils]: 0: Hoare triple {4631#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 
:= 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {4631#true} is VALID [2022-02-20 17:59:46,882 INFO L290 TraceCheckUtils]: 1: Hoare triple {4631#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && 
main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {4631#true} is VALID [2022-02-20 17:59:46,882 INFO L290 TraceCheckUtils]: 2: Hoare triple {4631#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4631#true} is VALID [2022-02-20 17:59:46,882 INFO L290 TraceCheckUtils]: 3: Hoare triple {4631#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {4631#true} is VALID [2022-02-20 17:59:46,882 INFO L290 TraceCheckUtils]: 4: Hoare triple {4631#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {4631#true} is VALID [2022-02-20 17:59:46,883 INFO L290 TraceCheckUtils]: 5: Hoare triple {4631#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4631#true} is VALID [2022-02-20 17:59:46,883 INFO L272 TraceCheckUtils]: 6: Hoare triple {4631#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4631#true} is VALID [2022-02-20 17:59:46,883 INFO L290 TraceCheckUtils]: 7: Hoare triple {4631#true} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,883 INFO L290 TraceCheckUtils]: 8: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,883 INFO L290 TraceCheckUtils]: 9: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,884 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4631#true} {4631#true} #958#return; {4631#true} is VALID [2022-02-20 17:59:46,884 INFO L290 TraceCheckUtils]: 11: Hoare triple {4631#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4631#true} is VALID [2022-02-20 17:59:46,884 INFO L272 TraceCheckUtils]: 12: Hoare triple {4631#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4631#true} is VALID [2022-02-20 17:59:46,884 INFO L290 TraceCheckUtils]: 13: Hoare triple {4631#true} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,884 INFO L290 TraceCheckUtils]: 14: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,884 INFO L290 TraceCheckUtils]: 15: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,885 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4631#true} {4631#true} #960#return; {4631#true} is VALID [2022-02-20 17:59:46,885 INFO L290 TraceCheckUtils]: 17: Hoare triple {4631#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4631#true} is VALID [2022-02-20 17:59:46,885 INFO L272 TraceCheckUtils]: 18: Hoare triple {4631#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4631#true} is VALID [2022-02-20 17:59:46,885 INFO L290 TraceCheckUtils]: 19: Hoare triple {4631#true} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,885 INFO L290 TraceCheckUtils]: 20: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,885 INFO L290 TraceCheckUtils]: 21: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,885 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4631#true} {4631#true} #962#return; {4631#true} is VALID [2022-02-20 17:59:46,886 INFO L290 TraceCheckUtils]: 23: Hoare triple {4631#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4631#true} is VALID [2022-02-20 17:59:46,886 INFO L272 TraceCheckUtils]: 24: Hoare triple {4631#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4631#true} is VALID [2022-02-20 17:59:46,886 INFO L290 TraceCheckUtils]: 25: Hoare triple {4631#true} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,886 INFO L290 TraceCheckUtils]: 26: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,886 INFO L290 TraceCheckUtils]: 27: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,886 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4631#true} {4631#true} #964#return; 
{4631#true} is VALID [2022-02-20 17:59:46,887 INFO L290 TraceCheckUtils]: 29: Hoare triple {4631#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4631#true} is VALID [2022-02-20 17:59:46,887 INFO L272 TraceCheckUtils]: 30: Hoare triple {4631#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4631#true} is VALID [2022-02-20 17:59:46,887 INFO L290 TraceCheckUtils]: 31: Hoare triple {4631#true} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,887 INFO L290 TraceCheckUtils]: 32: Hoare triple {4631#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,887 INFO L290 TraceCheckUtils]: 33: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,887 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4631#true} {4631#true} #966#return; {4631#true} is VALID [2022-02-20 17:59:46,887 INFO L290 TraceCheckUtils]: 35: Hoare triple {4631#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4631#true} is VALID [2022-02-20 17:59:46,888 INFO L272 TraceCheckUtils]: 36: Hoare triple {4631#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4631#true} is VALID [2022-02-20 17:59:46,888 INFO L290 TraceCheckUtils]: 37: Hoare triple {4631#true} ~handle := #in~handle;~value := #in~value; {4631#true} is VALID [2022-02-20 17:59:46,888 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{4631#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4631#true} is VALID [2022-02-20 17:59:46,888 INFO L290 TraceCheckUtils]: 39: Hoare triple {4631#true} assume true; {4631#true} is VALID [2022-02-20 17:59:46,888 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4631#true} {4631#true} #968#return; {4631#true} is VALID [2022-02-20 17:59:46,888 INFO L290 TraceCheckUtils]: 41: Hoare triple {4631#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {4631#true} is VALID [2022-02-20 17:59:46,889 INFO L290 TraceCheckUtils]: 42: Hoare triple {4631#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4821#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:46,889 INFO L290 TraceCheckUtils]: 43: Hoare triple {4821#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {4821#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:46,890 INFO L290 TraceCheckUtils]: 44: Hoare triple {4821#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {4821#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:46,890 INFO L290 TraceCheckUtils]: 45: Hoare triple {4821#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4821#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:46,891 INFO L290 TraceCheckUtils]: 46: Hoare triple {4821#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4632#false} is VALID [2022-02-20 17:59:46,891 INFO L290 TraceCheckUtils]: 47: Hoare triple {4632#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {4632#false} is VALID [2022-02-20 17:59:46,891 INFO L290 TraceCheckUtils]: 48: Hoare triple {4632#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4632#false} is VALID [2022-02-20 17:59:46,891 INFO L290 TraceCheckUtils]: 49: Hoare triple {4632#false} assume !false; {4632#false} is VALID [2022-02-20 17:59:46,891 INFO L290 TraceCheckUtils]: 50: Hoare triple {4632#false} assume !(test_~splverifierCounter~0#1 < 4); {4632#false} is VALID [2022-02-20 17:59:46,891 INFO L290 TraceCheckUtils]: 51: Hoare triple {4632#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc 
bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {4632#false} is VALID [2022-02-20 17:59:46,892 INFO L272 TraceCheckUtils]: 52: Hoare triple {4632#false} call sendEmail(~bob~0, ~rjh~0); {4632#false} is VALID [2022-02-20 17:59:46,892 INFO L290 TraceCheckUtils]: 53: Hoare triple {4632#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4632#false} is VALID [2022-02-20 17:59:46,892 INFO L272 TraceCheckUtils]: 54: Hoare triple {4632#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4632#false} is VALID [2022-02-20 17:59:46,892 INFO L290 TraceCheckUtils]: 55: Hoare triple {4632#false} ~handle := #in~handle;~value := #in~value; {4632#false} is VALID [2022-02-20 17:59:46,892 INFO L290 TraceCheckUtils]: 56: Hoare triple {4632#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4632#false} is VALID [2022-02-20 17:59:46,892 INFO L290 TraceCheckUtils]: 57: Hoare triple {4632#false} assume true; {4632#false} is VALID [2022-02-20 17:59:46,892 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4632#false} {4632#false} #946#return; {4632#false} is VALID [2022-02-20 17:59:46,893 INFO L290 TraceCheckUtils]: 59: Hoare triple {4632#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := 
setEmailTo_#in~value#1; {4632#false} is VALID [2022-02-20 17:59:46,893 INFO L290 TraceCheckUtils]: 60: Hoare triple {4632#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {4632#false} is VALID [2022-02-20 17:59:46,893 INFO L290 TraceCheckUtils]: 61: Hoare triple {4632#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {4632#false} is VALID [2022-02-20 17:59:46,893 INFO L290 TraceCheckUtils]: 62: Hoare triple {4632#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {4632#false} is VALID [2022-02-20 17:59:46,893 INFO L272 TraceCheckUtils]: 63: Hoare triple {4632#false} call outgoing(~sender#1, ~email~0#1); {4632#false} is VALID [2022-02-20 17:59:46,893 INFO L290 TraceCheckUtils]: 64: Hoare triple {4632#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {4632#false} is VALID [2022-02-20 17:59:46,894 INFO L272 TraceCheckUtils]: 65: Hoare triple {4632#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {4632#false} is VALID [2022-02-20 17:59:46,894 INFO L290 TraceCheckUtils]: 66: Hoare triple {4632#false} ~handle := #in~handle;havoc ~retValue_acc~28; {4632#false} is VALID [2022-02-20 17:59:46,894 INFO L290 TraceCheckUtils]: 67: Hoare triple {4632#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {4632#false} is VALID [2022-02-20 17:59:46,894 INFO L290 TraceCheckUtils]: 68: Hoare triple {4632#false} assume true; {4632#false} is VALID 
[2022-02-20 17:59:46,894 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4632#false} {4632#false} #904#return; {4632#false} is VALID [2022-02-20 17:59:46,894 INFO L290 TraceCheckUtils]: 70: Hoare triple {4632#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {4632#false} is VALID [2022-02-20 17:59:46,894 INFO L290 TraceCheckUtils]: 71: Hoare triple {4632#false} assume 0 == sign_~privkey~1#1; {4632#false} is VALID [2022-02-20 17:59:46,895 INFO L290 TraceCheckUtils]: 72: Hoare triple {4632#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {4632#false} is VALID [2022-02-20 17:59:46,895 INFO L272 TraceCheckUtils]: 73: Hoare triple {4632#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {4632#false} is VALID [2022-02-20 17:59:46,895 INFO L290 TraceCheckUtils]: 74: Hoare triple {4632#false} ~handle := #in~handle;havoc ~retValue_acc~11; {4632#false} is VALID [2022-02-20 17:59:46,895 INFO L290 TraceCheckUtils]: 75: Hoare triple {4632#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; 
{4632#false} is VALID [2022-02-20 17:59:46,895 INFO L290 TraceCheckUtils]: 76: Hoare triple {4632#false} assume true; {4632#false} is VALID [2022-02-20 17:59:46,895 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {4632#false} {4632#false} #906#return; {4632#false} is VALID [2022-02-20 17:59:46,895 INFO L290 TraceCheckUtils]: 78: Hoare triple {4632#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {4632#false} is VALID [2022-02-20 17:59:46,896 INFO L272 TraceCheckUtils]: 79: Hoare triple {4632#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {4632#false} is VALID [2022-02-20 17:59:46,896 INFO L290 TraceCheckUtils]: 80: Hoare triple {4632#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {4632#false} is VALID [2022-02-20 17:59:46,896 INFO L290 TraceCheckUtils]: 81: Hoare triple {4632#false} assume 1 == ~handle; {4632#false} is VALID [2022-02-20 17:59:46,896 INFO L290 TraceCheckUtils]: 82: Hoare triple {4632#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {4632#false} is VALID [2022-02-20 17:59:46,896 INFO L290 TraceCheckUtils]: 83: Hoare triple {4632#false} assume true; {4632#false} is VALID [2022-02-20 17:59:46,896 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {4632#false} {4632#false} #908#return; {4632#false} is VALID [2022-02-20 17:59:46,896 INFO L290 TraceCheckUtils]: 85: Hoare triple {4632#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := 
outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {4632#false} is VALID [2022-02-20 17:59:46,897 INFO L290 TraceCheckUtils]: 86: Hoare triple {4632#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {4632#false} is VALID [2022-02-20 17:59:46,897 INFO L290 TraceCheckUtils]: 87: Hoare triple {4632#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {4632#false} is VALID [2022-02-20 17:59:46,897 INFO L290 TraceCheckUtils]: 88: Hoare triple {4632#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {4632#false} is VALID [2022-02-20 17:59:46,897 INFO L290 TraceCheckUtils]: 89: Hoare triple {4632#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {4632#false} is VALID [2022-02-20 17:59:46,897 INFO L272 TraceCheckUtils]: 90: Hoare triple 
{4632#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {4632#false} is VALID [2022-02-20 17:59:46,897 INFO L290 TraceCheckUtils]: 91: Hoare triple {4632#false} ~handle := #in~handle;~value := #in~value; {4632#false} is VALID [2022-02-20 17:59:46,897 INFO L290 TraceCheckUtils]: 92: Hoare triple {4632#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4632#false} is VALID [2022-02-20 17:59:46,898 INFO L290 TraceCheckUtils]: 93: Hoare triple {4632#false} assume true; {4632#false} is VALID [2022-02-20 17:59:46,898 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {4632#false} {4632#false} #914#return; {4632#false} is VALID [2022-02-20 17:59:46,898 INFO L290 TraceCheckUtils]: 95: Hoare triple {4632#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc 
__utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {4632#false} is VALID [2022-02-20 17:59:46,898 INFO L272 TraceCheckUtils]: 96: Hoare triple {4632#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {4632#false} is VALID [2022-02-20 17:59:46,898 INFO L290 TraceCheckUtils]: 97: Hoare triple {4632#false} ~handle := #in~handle;havoc ~retValue_acc~16; {4632#false} is VALID [2022-02-20 17:59:46,898 INFO L290 TraceCheckUtils]: 98: Hoare triple {4632#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {4632#false} is VALID [2022-02-20 17:59:46,899 INFO L290 TraceCheckUtils]: 99: Hoare triple {4632#false} assume true; {4632#false} is VALID [2022-02-20 17:59:46,899 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {4632#false} {4632#false} #916#return; {4632#false} is VALID [2022-02-20 17:59:46,899 INFO L290 TraceCheckUtils]: 101: Hoare triple {4632#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {4632#false} is VALID [2022-02-20 17:59:46,899 INFO L290 TraceCheckUtils]: 102: Hoare triple {4632#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {4632#false} is VALID [2022-02-20 17:59:46,899 INFO L272 TraceCheckUtils]: 103: Hoare triple {4632#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {4632#false} is VALID [2022-02-20 17:59:46,899 INFO L290 TraceCheckUtils]: 104: Hoare triple {4632#false} 
~handle := #in~handle;havoc ~retValue_acc~28; {4632#false} is VALID [2022-02-20 17:59:46,899 INFO L290 TraceCheckUtils]: 105: Hoare triple {4632#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {4632#false} is VALID [2022-02-20 17:59:46,900 INFO L290 TraceCheckUtils]: 106: Hoare triple {4632#false} assume true; {4632#false} is VALID [2022-02-20 17:59:46,900 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {4632#false} {4632#false} #918#return; {4632#false} is VALID [2022-02-20 17:59:46,900 INFO L290 TraceCheckUtils]: 108: Hoare triple {4632#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {4632#false} is VALID [2022-02-20 17:59:46,900 INFO L290 TraceCheckUtils]: 109: Hoare triple {4632#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {4632#false} is VALID [2022-02-20 17:59:46,900 INFO L290 TraceCheckUtils]: 110: Hoare triple {4632#false} assume !false; {4632#false} is VALID [2022-02-20 17:59:46,900 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:46,901 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:46,901 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [40453804] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:46,901 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:59:46,901 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 17:59:46,901 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [601617290] [2022-02-20 17:59:46,902 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:46,902 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 111 [2022-02-20 17:59:46,903 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:46,903 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:46,982 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:46,983 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:46,983 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:46,984 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 17:59:46,984 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:46,984 INFO L87 Difference]: Start difference. First operand 322 states and 475 transitions. Second operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:47,492 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:47,493 INFO L93 Difference]: Finished difference Result 669 states and 1001 transitions. [2022-02-20 17:59:47,493 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:47,493 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 111 [2022-02-20 17:59:47,493 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:47,494 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:47,511 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 999 transitions. 
[2022-02-20 17:59:47,511 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:47,526 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 999 transitions. [2022-02-20 17:59:47,526 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 999 transitions. [2022-02-20 17:59:48,254 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 999 edges. 999 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:48,266 INFO L225 Difference]: With dead ends: 669 [2022-02-20 17:59:48,266 INFO L226 Difference]: Without dead ends: 374 [2022-02-20 17:59:48,268 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 140 GetRequests, 133 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:48,269 INFO L933 BasicCegarLoop]: 492 mSDtfsCounter, 99 mSDsluCounter, 427 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 114 SdHoareTripleChecker+Valid, 919 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:48,269 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [114 Valid, 919 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:48,270 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 374 states. [2022-02-20 17:59:48,293 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 374 to 366. [2022-02-20 17:59:48,293 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:48,294 INFO L82 GeneralOperation]: Start isEquivalent. First operand 374 states. Second operand has 366 states, 282 states have (on average 1.524822695035461) internal successors, (430), 285 states have internal predecessors, (430), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) [2022-02-20 17:59:48,295 INFO L74 IsIncluded]: Start isIncluded. First operand 374 states. Second operand has 366 states, 282 states have (on average 1.524822695035461) internal successors, (430), 285 states have internal predecessors, (430), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) [2022-02-20 17:59:48,296 INFO L87 Difference]: Start difference. First operand 374 states. Second operand has 366 states, 282 states have (on average 1.524822695035461) internal successors, (430), 285 states have internal predecessors, (430), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) [2022-02-20 17:59:48,310 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:59:48,313 INFO L93 Difference]: Finished difference Result 374 states and 560 transitions. [2022-02-20 17:59:48,313 INFO L276 IsEmpty]: Start isEmpty. Operand 374 states and 560 transitions. [2022-02-20 17:59:48,320 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:48,321 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:48,322 INFO L74 IsIncluded]: Start isIncluded. First operand has 366 states, 282 states have (on average 1.524822695035461) internal successors, (430), 285 states have internal predecessors, (430), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) Second operand 374 states. [2022-02-20 17:59:48,323 INFO L87 Difference]: Start difference. First operand has 366 states, 282 states have (on average 1.524822695035461) internal successors, (430), 285 states have internal predecessors, (430), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) Second operand 374 states. [2022-02-20 17:59:48,342 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:48,342 INFO L93 Difference]: Finished difference Result 374 states and 560 transitions. [2022-02-20 17:59:48,342 INFO L276 IsEmpty]: Start isEmpty. Operand 374 states and 560 transitions. [2022-02-20 17:59:48,344 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:48,344 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:48,344 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:48,344 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:48,346 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 366 states, 282 states have (on average 1.524822695035461) internal successors, (430), 285 states have internal predecessors, (430), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) [2022-02-20 17:59:48,361 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 366 states to 366 states and 551 transitions. [2022-02-20 17:59:48,361 INFO L78 Accepts]: Start accepts. Automaton has 366 states and 551 transitions. Word has length 111 [2022-02-20 17:59:48,361 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:48,362 INFO L470 AbstractCegarLoop]: Abstraction has 366 states and 551 transitions. [2022-02-20 17:59:48,362 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:59:48,362 INFO L276 IsEmpty]: Start isEmpty. Operand 366 states and 551 transitions. [2022-02-20 17:59:48,364 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 113 [2022-02-20 17:59:48,364 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:48,364 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:48,393 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:48,580 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:48,581 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:48,581 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:48,581 INFO L85 PathProgramCache]: Analyzing trace with hash 1427798971, now seen corresponding path program 1 times [2022-02-20 17:59:48,582 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:48,582 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [235089276] [2022-02-20 17:59:48,582 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:48,582 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:48,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,641 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 
[2022-02-20 17:59:48,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,646 INFO L290 TraceCheckUtils]: 0: Hoare triple {7278#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,646 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,646 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,646 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7222#true} #958#return; {7222#true} is VALID [2022-02-20 17:59:48,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:48,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {7279#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,661 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7222#true} #960#return; {7222#true} is VALID [2022-02-20 17:59:48,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:48,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA 
is unsat [2022-02-20 17:59:48,681 INFO L290 TraceCheckUtils]: 0: Hoare triple {7278#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7280#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:48,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {7280#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7281#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:48,682 INFO L290 TraceCheckUtils]: 2: Hoare triple {7281#(= |setClientId_#in~handle| 1)} assume true; {7281#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:48,683 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7281#(= |setClientId_#in~handle| 1)} {7232#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #962#return; {7223#false} is VALID [2022-02-20 17:59:48,683 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:48,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,688 INFO L290 TraceCheckUtils]: 0: Hoare triple {7279#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,689 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7223#false} #964#return; {7223#false} is VALID [2022-02-20 17:59:48,689 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:48,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,696 INFO L290 TraceCheckUtils]: 0: Hoare triple {7278#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,696 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,697 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7223#false} #966#return; {7223#false} is VALID [2022-02-20 17:59:48,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:48,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {7279#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,711 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,711 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,711 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7223#false} #968#return; {7223#false} is VALID [2022-02-20 17:59:48,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 55 [2022-02-20 17:59:48,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {7282#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,725 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,725 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,725 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7223#false} #946#return; {7223#false} is VALID [2022-02-20 17:59:48,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:59:48,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {7222#true} ~handle := #in~handle;havoc ~retValue_acc~28; {7222#true} is VALID [2022-02-20 17:59:48,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {7222#true} is VALID [2022-02-20 17:59:48,731 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,731 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7223#false} #904#return; {7223#false} is VALID [2022-02-20 17:59:48,732 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:59:48,733 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,735 INFO L290 TraceCheckUtils]: 0: Hoare triple {7222#true} ~handle := #in~handle;havoc ~retValue_acc~11; {7222#true} is VALID [2022-02-20 17:59:48,735 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{7222#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {7222#true} is VALID [2022-02-20 17:59:48,735 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,736 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7223#false} #906#return; {7223#false} is VALID [2022-02-20 17:59:48,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:59:48,737 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,739 INFO L290 TraceCheckUtils]: 0: Hoare triple {7222#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {7222#true} is VALID [2022-02-20 17:59:48,740 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle; {7222#true} is VALID [2022-02-20 17:59:48,740 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {7222#true} is VALID [2022-02-20 17:59:48,740 INFO L290 TraceCheckUtils]: 3: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,740 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {7222#true} {7223#false} #908#return; {7223#false} is VALID [2022-02-20 17:59:48,740 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:59:48,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,744 INFO L290 TraceCheckUtils]: 0: Hoare triple {7282#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,744 INFO 
L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,744 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7223#false} #914#return; {7223#false} is VALID [2022-02-20 17:59:48,745 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:59:48,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {7222#true} ~handle := #in~handle;havoc ~retValue_acc~16; {7222#true} is VALID [2022-02-20 17:59:48,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {7222#true} is VALID [2022-02-20 17:59:48,748 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,748 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7223#false} #916#return; {7223#false} is VALID [2022-02-20 17:59:48,749 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 17:59:48,750 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,755 INFO L290 TraceCheckUtils]: 0: Hoare triple {7222#true} ~handle := #in~handle;havoc ~retValue_acc~28; {7222#true} is VALID [2022-02-20 17:59:48,756 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {7222#true} is VALID [2022-02-20 17:59:48,756 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,756 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7222#true} {7223#false} #918#return; {7223#false} is VALID [2022-02-20 17:59:48,756 INFO L290 TraceCheckUtils]: 0: Hoare triple {7222#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == 
#valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 
0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 
0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {7222#true} is VALID [2022-02-20 17:59:48,756 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; 
{7222#true} is VALID [2022-02-20 17:59:48,756 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7222#true} is VALID [2022-02-20 17:59:48,757 INFO L290 TraceCheckUtils]: 3: Hoare triple {7222#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {7222#true} is VALID [2022-02-20 17:59:48,757 INFO L290 TraceCheckUtils]: 4: Hoare triple {7222#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {7222#true} is VALID [2022-02-20 17:59:48,757 INFO L290 TraceCheckUtils]: 5: Hoare triple {7222#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7222#true} is VALID [2022-02-20 17:59:48,758 INFO L272 TraceCheckUtils]: 6: Hoare triple {7222#true} call 
setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7278#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:48,758 INFO L290 TraceCheckUtils]: 7: Hoare triple {7278#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,758 INFO L290 TraceCheckUtils]: 8: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,758 INFO L290 TraceCheckUtils]: 9: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,758 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7222#true} {7222#true} #958#return; {7222#true} is VALID [2022-02-20 17:59:48,759 INFO L290 TraceCheckUtils]: 11: Hoare triple {7222#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7222#true} is VALID [2022-02-20 17:59:48,759 INFO L272 TraceCheckUtils]: 12: Hoare triple {7222#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7279#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:48,759 INFO L290 TraceCheckUtils]: 13: Hoare triple {7279#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,760 INFO L290 TraceCheckUtils]: 14: Hoare triple {7222#true} 
assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,760 INFO L290 TraceCheckUtils]: 15: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,760 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7222#true} {7222#true} #960#return; {7222#true} is VALID [2022-02-20 17:59:48,760 INFO L290 TraceCheckUtils]: 17: Hoare triple {7222#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7232#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:48,761 INFO L272 TraceCheckUtils]: 18: Hoare triple {7232#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7278#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:48,761 INFO L290 TraceCheckUtils]: 19: Hoare triple {7278#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7280#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:48,762 INFO L290 TraceCheckUtils]: 20: Hoare triple {7280#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {7281#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:48,762 INFO L290 TraceCheckUtils]: 21: Hoare triple {7281#(= |setClientId_#in~handle| 1)} assume true; {7281#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:48,763 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7281#(= |setClientId_#in~handle| 1)} {7232#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #962#return; {7223#false} is VALID [2022-02-20 17:59:48,763 INFO L290 TraceCheckUtils]: 23: Hoare triple {7223#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7223#false} is VALID [2022-02-20 17:59:48,764 INFO L272 TraceCheckUtils]: 24: Hoare triple {7223#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7279#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:48,764 INFO L290 TraceCheckUtils]: 25: Hoare triple {7279#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,764 INFO L290 TraceCheckUtils]: 26: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,764 INFO L290 TraceCheckUtils]: 27: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,764 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7222#true} {7223#false} #964#return; {7223#false} is VALID [2022-02-20 17:59:48,764 INFO L290 TraceCheckUtils]: 29: Hoare triple {7223#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { 
:begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7223#false} is VALID [2022-02-20 17:59:48,764 INFO L272 TraceCheckUtils]: 30: Hoare triple {7223#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7278#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:48,765 INFO L290 TraceCheckUtils]: 31: Hoare triple {7278#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,765 INFO L290 TraceCheckUtils]: 32: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,765 INFO L290 TraceCheckUtils]: 33: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,765 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7222#true} {7223#false} #966#return; {7223#false} is VALID [2022-02-20 17:59:48,765 INFO L290 TraceCheckUtils]: 35: Hoare triple {7223#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7223#false} is VALID [2022-02-20 17:59:48,765 INFO L272 TraceCheckUtils]: 36: Hoare triple {7223#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7279#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:48,765 INFO L290 TraceCheckUtils]: 37: Hoare triple {7279#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,766 INFO L290 TraceCheckUtils]: 38: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,766 INFO L290 TraceCheckUtils]: 39: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,766 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7222#true} {7223#false} #968#return; {7223#false} is VALID [2022-02-20 17:59:48,766 INFO L290 TraceCheckUtils]: 41: Hoare triple {7223#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {7223#false} is VALID [2022-02-20 17:59:48,766 INFO L290 TraceCheckUtils]: 42: Hoare triple {7223#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc 
test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7223#false} is VALID [2022-02-20 17:59:48,766 INFO L290 TraceCheckUtils]: 43: Hoare triple {7223#false} assume !false; {7223#false} is VALID [2022-02-20 17:59:48,766 INFO L290 TraceCheckUtils]: 44: Hoare triple {7223#false} assume test_~splverifierCounter~0#1 < 4; {7223#false} is VALID [2022-02-20 17:59:48,767 INFO L290 TraceCheckUtils]: 45: Hoare triple {7223#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7223#false} is VALID [2022-02-20 17:59:48,767 INFO L290 TraceCheckUtils]: 46: Hoare triple {7223#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {7223#false} is VALID [2022-02-20 17:59:48,767 INFO L290 TraceCheckUtils]: 47: Hoare triple {7223#false} assume !(0 != test_~tmp___9~0#1); {7223#false} is VALID [2022-02-20 17:59:48,767 INFO L290 TraceCheckUtils]: 48: Hoare triple {7223#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {7223#false} is VALID [2022-02-20 17:59:48,767 INFO L290 TraceCheckUtils]: 49: Hoare triple {7223#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7223#false} is VALID 
[2022-02-20 17:59:48,767 INFO L290 TraceCheckUtils]: 50: Hoare triple {7223#false} assume !false; {7223#false} is VALID [2022-02-20 17:59:48,767 INFO L290 TraceCheckUtils]: 51: Hoare triple {7223#false} assume !(test_~splverifierCounter~0#1 < 4); {7223#false} is VALID [2022-02-20 17:59:48,768 INFO L290 TraceCheckUtils]: 52: Hoare triple {7223#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {7223#false} is VALID [2022-02-20 17:59:48,768 INFO L272 TraceCheckUtils]: 53: Hoare triple {7223#false} call sendEmail(~bob~0, ~rjh~0); {7223#false} is VALID [2022-02-20 17:59:48,768 INFO L290 TraceCheckUtils]: 54: Hoare triple {7223#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7223#false} is VALID [2022-02-20 17:59:48,768 INFO L272 TraceCheckUtils]: 55: Hoare triple {7223#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7282#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:48,768 INFO L290 TraceCheckUtils]: 56: Hoare triple {7282#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} 
~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,768 INFO L290 TraceCheckUtils]: 57: Hoare triple {7222#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,768 INFO L290 TraceCheckUtils]: 58: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,769 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7222#true} {7223#false} #946#return; {7223#false} is VALID [2022-02-20 17:59:48,769 INFO L290 TraceCheckUtils]: 60: Hoare triple {7223#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {7223#false} is VALID [2022-02-20 17:59:48,769 INFO L290 TraceCheckUtils]: 61: Hoare triple {7223#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {7223#false} is VALID [2022-02-20 17:59:48,769 INFO L290 TraceCheckUtils]: 62: Hoare triple {7223#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {7223#false} is VALID [2022-02-20 17:59:48,770 INFO L290 TraceCheckUtils]: 63: Hoare triple {7223#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {7223#false} is VALID [2022-02-20 17:59:48,770 INFO L272 TraceCheckUtils]: 64: Hoare triple {7223#false} call outgoing(~sender#1, ~email~0#1); {7223#false} is VALID [2022-02-20 17:59:48,770 INFO L290 TraceCheckUtils]: 65: Hoare triple {7223#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, 
sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {7223#false} is VALID [2022-02-20 17:59:48,771 INFO L272 TraceCheckUtils]: 66: Hoare triple {7223#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {7222#true} is VALID [2022-02-20 17:59:48,771 INFO L290 TraceCheckUtils]: 67: Hoare triple {7222#true} ~handle := #in~handle;havoc ~retValue_acc~28; {7222#true} is VALID [2022-02-20 17:59:48,771 INFO L290 TraceCheckUtils]: 68: Hoare triple {7222#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {7222#true} is VALID [2022-02-20 17:59:48,771 INFO L290 TraceCheckUtils]: 69: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,771 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {7222#true} {7223#false} #904#return; {7223#false} is VALID [2022-02-20 17:59:48,771 INFO L290 TraceCheckUtils]: 71: Hoare triple {7223#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {7223#false} is VALID [2022-02-20 17:59:48,771 INFO L290 TraceCheckUtils]: 72: Hoare triple {7223#false} assume 0 == sign_~privkey~1#1; {7223#false} is VALID [2022-02-20 17:59:48,772 INFO L290 TraceCheckUtils]: 73: Hoare triple {7223#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := 
outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {7223#false} is VALID [2022-02-20 17:59:48,772 INFO L272 TraceCheckUtils]: 74: Hoare triple {7223#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {7222#true} is VALID [2022-02-20 17:59:48,772 INFO L290 TraceCheckUtils]: 75: Hoare triple {7222#true} ~handle := #in~handle;havoc ~retValue_acc~11; {7222#true} is VALID [2022-02-20 17:59:48,772 INFO L290 TraceCheckUtils]: 76: Hoare triple {7222#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {7222#true} is VALID [2022-02-20 17:59:48,772 INFO L290 TraceCheckUtils]: 77: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,772 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {7222#true} {7223#false} #906#return; {7223#false} is VALID [2022-02-20 17:59:48,772 INFO L290 TraceCheckUtils]: 79: Hoare triple {7223#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {7223#false} is VALID [2022-02-20 17:59:48,773 INFO L272 TraceCheckUtils]: 80: Hoare triple {7223#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {7222#true} is VALID [2022-02-20 17:59:48,773 INFO L290 TraceCheckUtils]: 81: Hoare triple {7222#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {7222#true} is VALID [2022-02-20 17:59:48,773 INFO L290 TraceCheckUtils]: 82: Hoare 
triple {7222#true} assume 1 == ~handle; {7222#true} is VALID [2022-02-20 17:59:48,773 INFO L290 TraceCheckUtils]: 83: Hoare triple {7222#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {7222#true} is VALID [2022-02-20 17:59:48,773 INFO L290 TraceCheckUtils]: 84: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,773 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {7222#true} {7223#false} #908#return; {7223#false} is VALID [2022-02-20 17:59:48,773 INFO L290 TraceCheckUtils]: 86: Hoare triple {7223#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {7223#false} is VALID [2022-02-20 17:59:48,774 INFO L290 TraceCheckUtils]: 87: Hoare triple {7223#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {7223#false} is VALID [2022-02-20 17:59:48,774 INFO L290 TraceCheckUtils]: 88: Hoare triple {7223#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc 
getClientId_~retValue_acc~35#1; {7223#false} is VALID [2022-02-20 17:59:48,774 INFO L290 TraceCheckUtils]: 89: Hoare triple {7223#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {7223#false} is VALID [2022-02-20 17:59:48,774 INFO L290 TraceCheckUtils]: 90: Hoare triple {7223#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {7223#false} is VALID [2022-02-20 17:59:48,774 INFO L272 TraceCheckUtils]: 91: Hoare triple {7223#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {7282#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:48,774 INFO L290 TraceCheckUtils]: 92: Hoare triple {7282#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:48,774 INFO L290 TraceCheckUtils]: 93: Hoare triple {7222#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:48,775 INFO L290 TraceCheckUtils]: 94: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,775 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {7222#true} {7223#false} #914#return; {7223#false} is VALID [2022-02-20 17:59:48,775 INFO L290 TraceCheckUtils]: 96: Hoare triple {7223#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, 
mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {7223#false} is VALID [2022-02-20 17:59:48,775 INFO L272 TraceCheckUtils]: 97: Hoare triple {7223#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {7222#true} is VALID [2022-02-20 17:59:48,775 INFO L290 TraceCheckUtils]: 98: Hoare triple {7222#true} ~handle := #in~handle;havoc ~retValue_acc~16; {7222#true} is VALID [2022-02-20 17:59:48,775 INFO L290 TraceCheckUtils]: 99: Hoare triple {7222#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {7222#true} is VALID [2022-02-20 17:59:48,775 INFO L290 TraceCheckUtils]: 100: Hoare triple {7222#true} assume true; {7222#true} is VALID 
[2022-02-20 17:59:48,776 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {7222#true} {7223#false} #916#return; {7223#false} is VALID [2022-02-20 17:59:48,776 INFO L290 TraceCheckUtils]: 102: Hoare triple {7223#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {7223#false} is VALID [2022-02-20 17:59:48,776 INFO L290 TraceCheckUtils]: 103: Hoare triple {7223#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {7223#false} is VALID [2022-02-20 17:59:48,776 INFO L272 TraceCheckUtils]: 104: Hoare triple {7223#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {7222#true} is VALID [2022-02-20 17:59:48,776 INFO L290 TraceCheckUtils]: 105: Hoare triple {7222#true} ~handle := #in~handle;havoc ~retValue_acc~28; {7222#true} is VALID [2022-02-20 17:59:48,776 INFO L290 TraceCheckUtils]: 106: Hoare triple {7222#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {7222#true} is VALID [2022-02-20 17:59:48,776 INFO L290 TraceCheckUtils]: 107: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:48,776 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {7222#true} {7223#false} #918#return; {7223#false} is VALID [2022-02-20 17:59:48,777 INFO L290 TraceCheckUtils]: 109: Hoare triple {7223#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {7223#false} is VALID [2022-02-20 17:59:48,777 INFO L290 TraceCheckUtils]: 110: Hoare triple {7223#false} assume 0 == 
__utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {7223#false} is VALID [2022-02-20 17:59:48,777 INFO L290 TraceCheckUtils]: 111: Hoare triple {7223#false} assume !false; {7223#false} is VALID [2022-02-20 17:59:48,777 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:48,778 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:48,780 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [235089276] [2022-02-20 17:59:48,781 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [235089276] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:48,781 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2134311271] [2022-02-20 17:59:48,781 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:48,781 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:48,781 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:48,782 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:48,784 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:59:49,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,033 INFO L263 TraceCheckSpWp]: Trace formula consists of 1038 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:59:49,089 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,092 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:49,452 INFO L290 TraceCheckUtils]: 0: Hoare triple {7222#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call 
#Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 
:= 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {7222#true} is VALID [2022-02-20 17:59:49,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {7222#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {7222#true} is VALID [2022-02-20 17:59:49,455 INFO L290 TraceCheckUtils]: 2: Hoare triple {7222#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7222#true} is VALID [2022-02-20 17:59:49,455 INFO L290 TraceCheckUtils]: 3: Hoare triple {7222#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {7222#true} is VALID [2022-02-20 17:59:49,455 INFO L290 TraceCheckUtils]: 4: Hoare triple {7222#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {7222#true} is VALID [2022-02-20 17:59:49,455 INFO L290 TraceCheckUtils]: 5: Hoare triple {7222#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7222#true} is VALID [2022-02-20 17:59:49,456 INFO L272 TraceCheckUtils]: 6: Hoare triple {7222#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7222#true} is VALID [2022-02-20 17:59:49,456 INFO L290 TraceCheckUtils]: 7: Hoare triple {7222#true} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:49,456 INFO L290 TraceCheckUtils]: 8: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:49,456 INFO L290 TraceCheckUtils]: 9: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:49,456 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7222#true} {7222#true} #958#return; {7222#true} is VALID [2022-02-20 17:59:49,456 INFO L290 TraceCheckUtils]: 11: Hoare triple {7222#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7222#true} is VALID [2022-02-20 17:59:49,457 INFO L272 TraceCheckUtils]: 12: Hoare triple {7222#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7222#true} is VALID [2022-02-20 17:59:49,457 INFO L290 TraceCheckUtils]: 13: Hoare triple {7222#true} ~handle := #in~handle;~value := #in~value; {7222#true} is VALID [2022-02-20 17:59:49,457 INFO L290 TraceCheckUtils]: 14: Hoare triple {7222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7222#true} is VALID [2022-02-20 17:59:49,457 INFO L290 TraceCheckUtils]: 15: Hoare triple {7222#true} assume true; {7222#true} is VALID [2022-02-20 17:59:49,457 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7222#true} {7222#true} #960#return; {7222#true} is VALID [2022-02-20 17:59:49,459 INFO L290 TraceCheckUtils]: 17: Hoare triple {7222#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset 
:= 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7337#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:59:49,460 INFO L272 TraceCheckUtils]: 18: Hoare triple {7337#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7222#true} is VALID [2022-02-20 17:59:49,460 INFO L290 TraceCheckUtils]: 19: Hoare triple {7222#true} ~handle := #in~handle;~value := #in~value; {7344#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:59:49,461 INFO L290 TraceCheckUtils]: 20: Hoare triple {7344#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7348#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:49,461 INFO L290 TraceCheckUtils]: 21: Hoare triple {7348#(<= |setClientId_#in~handle| 1)} assume true; {7348#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:49,462 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7348#(<= |setClientId_#in~handle| 1)} {7337#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #962#return; {7223#false} is VALID [2022-02-20 17:59:49,462 INFO L290 TraceCheckUtils]: 23: Hoare triple {7223#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7223#false} is VALID [2022-02-20 17:59:49,462 INFO L272 TraceCheckUtils]: 24: Hoare triple {7223#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7223#false} is VALID [2022-02-20 17:59:49,462 INFO L290 TraceCheckUtils]: 25: Hoare triple {7223#false} ~handle := #in~handle;~value 
:= #in~value; {7223#false} is VALID [2022-02-20 17:59:49,463 INFO L290 TraceCheckUtils]: 26: Hoare triple {7223#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7223#false} is VALID [2022-02-20 17:59:49,463 INFO L290 TraceCheckUtils]: 27: Hoare triple {7223#false} assume true; {7223#false} is VALID [2022-02-20 17:59:49,463 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7223#false} {7223#false} #964#return; {7223#false} is VALID [2022-02-20 17:59:49,463 INFO L290 TraceCheckUtils]: 29: Hoare triple {7223#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7223#false} is VALID [2022-02-20 17:59:49,463 INFO L272 TraceCheckUtils]: 30: Hoare triple {7223#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7223#false} is VALID [2022-02-20 17:59:49,463 INFO L290 TraceCheckUtils]: 31: Hoare triple {7223#false} ~handle := #in~handle;~value := #in~value; {7223#false} is VALID [2022-02-20 17:59:49,464 INFO L290 TraceCheckUtils]: 32: Hoare triple {7223#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7223#false} is VALID [2022-02-20 17:59:49,464 INFO L290 TraceCheckUtils]: 33: Hoare triple {7223#false} assume true; {7223#false} is VALID [2022-02-20 17:59:49,464 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7223#false} {7223#false} #966#return; {7223#false} is VALID [2022-02-20 17:59:49,464 INFO L290 TraceCheckUtils]: 35: Hoare triple {7223#false} assume { 
:end_inline_setup_chuck__wrappee__Base } true; {7223#false} is VALID [2022-02-20 17:59:49,464 INFO L272 TraceCheckUtils]: 36: Hoare triple {7223#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7223#false} is VALID [2022-02-20 17:59:49,464 INFO L290 TraceCheckUtils]: 37: Hoare triple {7223#false} ~handle := #in~handle;~value := #in~value; {7223#false} is VALID [2022-02-20 17:59:49,464 INFO L290 TraceCheckUtils]: 38: Hoare triple {7223#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7223#false} is VALID [2022-02-20 17:59:49,465 INFO L290 TraceCheckUtils]: 39: Hoare triple {7223#false} assume true; {7223#false} is VALID [2022-02-20 17:59:49,465 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7223#false} {7223#false} #968#return; {7223#false} is VALID [2022-02-20 17:59:49,465 INFO L290 TraceCheckUtils]: 41: Hoare triple {7223#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {7223#false} is VALID [2022-02-20 17:59:49,465 INFO L290 TraceCheckUtils]: 42: Hoare triple {7223#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc 
test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7223#false} is VALID [2022-02-20 17:59:49,465 INFO L290 TraceCheckUtils]: 43: Hoare triple {7223#false} assume !false; {7223#false} is VALID [2022-02-20 17:59:49,465 INFO L290 TraceCheckUtils]: 44: Hoare triple {7223#false} assume test_~splverifierCounter~0#1 < 4; {7223#false} is VALID [2022-02-20 17:59:49,466 INFO L290 TraceCheckUtils]: 45: Hoare triple {7223#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7223#false} is VALID [2022-02-20 17:59:49,466 INFO L290 TraceCheckUtils]: 46: Hoare triple {7223#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {7223#false} is VALID [2022-02-20 17:59:49,466 INFO L290 TraceCheckUtils]: 47: Hoare triple {7223#false} assume !(0 != test_~tmp___9~0#1); {7223#false} is VALID [2022-02-20 17:59:49,466 INFO L290 TraceCheckUtils]: 48: Hoare triple {7223#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {7223#false} is VALID [2022-02-20 17:59:49,466 INFO L290 TraceCheckUtils]: 49: Hoare triple {7223#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7223#false} is VALID [2022-02-20 17:59:49,466 INFO L290 TraceCheckUtils]: 50: Hoare triple {7223#false} assume !false; {7223#false} is VALID 
[2022-02-20 17:59:49,466 INFO L290 TraceCheckUtils]: 51: Hoare triple {7223#false} assume !(test_~splverifierCounter~0#1 < 4); {7223#false} is VALID [2022-02-20 17:59:49,467 INFO L290 TraceCheckUtils]: 52: Hoare triple {7223#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {7223#false} is VALID [2022-02-20 17:59:49,467 INFO L272 TraceCheckUtils]: 53: Hoare triple {7223#false} call sendEmail(~bob~0, ~rjh~0); {7223#false} is VALID [2022-02-20 17:59:49,467 INFO L290 TraceCheckUtils]: 54: Hoare triple {7223#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7223#false} is VALID [2022-02-20 17:59:49,467 INFO L272 TraceCheckUtils]: 55: Hoare triple {7223#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7223#false} is VALID [2022-02-20 17:59:49,467 INFO L290 TraceCheckUtils]: 56: Hoare triple {7223#false} ~handle := #in~handle;~value := #in~value; {7223#false} is VALID [2022-02-20 17:59:49,467 INFO L290 TraceCheckUtils]: 57: Hoare triple {7223#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7223#false} is VALID [2022-02-20 17:59:49,467 INFO L290 TraceCheckUtils]: 58: Hoare triple {7223#false} assume true; {7223#false} is 
VALID [2022-02-20 17:59:49,468 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7223#false} {7223#false} #946#return; {7223#false} is VALID [2022-02-20 17:59:49,468 INFO L290 TraceCheckUtils]: 60: Hoare triple {7223#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {7223#false} is VALID [2022-02-20 17:59:49,468 INFO L290 TraceCheckUtils]: 61: Hoare triple {7223#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {7223#false} is VALID [2022-02-20 17:59:49,468 INFO L290 TraceCheckUtils]: 62: Hoare triple {7223#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {7223#false} is VALID [2022-02-20 17:59:49,468 INFO L290 TraceCheckUtils]: 63: Hoare triple {7223#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {7223#false} is VALID [2022-02-20 17:59:49,468 INFO L272 TraceCheckUtils]: 64: Hoare triple {7223#false} call outgoing(~sender#1, ~email~0#1); {7223#false} is VALID [2022-02-20 17:59:49,468 INFO L290 TraceCheckUtils]: 65: Hoare triple {7223#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {7223#false} is VALID [2022-02-20 17:59:49,469 INFO L272 TraceCheckUtils]: 66: Hoare triple {7223#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {7223#false} is 
VALID [2022-02-20 17:59:49,469 INFO L290 TraceCheckUtils]: 67: Hoare triple {7223#false} ~handle := #in~handle;havoc ~retValue_acc~28; {7223#false} is VALID [2022-02-20 17:59:49,469 INFO L290 TraceCheckUtils]: 68: Hoare triple {7223#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {7223#false} is VALID [2022-02-20 17:59:49,469 INFO L290 TraceCheckUtils]: 69: Hoare triple {7223#false} assume true; {7223#false} is VALID [2022-02-20 17:59:49,469 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {7223#false} {7223#false} #904#return; {7223#false} is VALID [2022-02-20 17:59:49,469 INFO L290 TraceCheckUtils]: 71: Hoare triple {7223#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {7223#false} is VALID [2022-02-20 17:59:49,470 INFO L290 TraceCheckUtils]: 72: Hoare triple {7223#false} assume 0 == sign_~privkey~1#1; {7223#false} is VALID [2022-02-20 17:59:49,470 INFO L290 TraceCheckUtils]: 73: Hoare triple {7223#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {7223#false} is VALID [2022-02-20 17:59:49,470 INFO L272 
TraceCheckUtils]: 74: Hoare triple {7223#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {7223#false} is VALID [2022-02-20 17:59:49,470 INFO L290 TraceCheckUtils]: 75: Hoare triple {7223#false} ~handle := #in~handle;havoc ~retValue_acc~11; {7223#false} is VALID [2022-02-20 17:59:49,470 INFO L290 TraceCheckUtils]: 76: Hoare triple {7223#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {7223#false} is VALID [2022-02-20 17:59:49,470 INFO L290 TraceCheckUtils]: 77: Hoare triple {7223#false} assume true; {7223#false} is VALID [2022-02-20 17:59:49,470 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {7223#false} {7223#false} #906#return; {7223#false} is VALID [2022-02-20 17:59:49,471 INFO L290 TraceCheckUtils]: 79: Hoare triple {7223#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {7223#false} is VALID [2022-02-20 17:59:49,471 INFO L272 TraceCheckUtils]: 80: Hoare triple {7223#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {7223#false} is VALID [2022-02-20 17:59:49,471 INFO L290 TraceCheckUtils]: 81: Hoare triple {7223#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {7223#false} is VALID [2022-02-20 17:59:49,471 INFO L290 TraceCheckUtils]: 82: Hoare triple {7223#false} assume 1 == ~handle; {7223#false} is VALID [2022-02-20 17:59:49,471 INFO L290 TraceCheckUtils]: 83: Hoare triple {7223#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {7223#false} is VALID [2022-02-20 17:59:49,471 INFO L290 
TraceCheckUtils]: 84: Hoare triple {7223#false} assume true; {7223#false} is VALID [2022-02-20 17:59:49,471 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {7223#false} {7223#false} #908#return; {7223#false} is VALID [2022-02-20 17:59:49,472 INFO L290 TraceCheckUtils]: 86: Hoare triple {7223#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {7223#false} is VALID [2022-02-20 17:59:49,472 INFO L290 TraceCheckUtils]: 87: Hoare triple {7223#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {7223#false} is VALID [2022-02-20 17:59:49,472 INFO L290 TraceCheckUtils]: 88: Hoare triple {7223#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {7223#false} is VALID [2022-02-20 17:59:49,472 INFO L290 TraceCheckUtils]: 89: Hoare triple {7223#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {7223#false} is VALID [2022-02-20 17:59:49,472 INFO L290 
TraceCheckUtils]: 90: Hoare triple {7223#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {7223#false} is VALID [2022-02-20 17:59:49,472 INFO L272 TraceCheckUtils]: 91: Hoare triple {7223#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {7223#false} is VALID [2022-02-20 17:59:49,472 INFO L290 TraceCheckUtils]: 92: Hoare triple {7223#false} ~handle := #in~handle;~value := #in~value; {7223#false} is VALID [2022-02-20 17:59:49,473 INFO L290 TraceCheckUtils]: 93: Hoare triple {7223#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7223#false} is VALID [2022-02-20 17:59:49,473 INFO L290 TraceCheckUtils]: 94: Hoare triple {7223#false} assume true; {7223#false} is VALID [2022-02-20 17:59:49,473 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {7223#false} {7223#false} #914#return; {7223#false} is VALID [2022-02-20 17:59:49,473 INFO L290 TraceCheckUtils]: 96: Hoare triple {7223#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, 
__utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {7223#false} is VALID [2022-02-20 17:59:49,473 INFO L272 TraceCheckUtils]: 97: Hoare triple {7223#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {7223#false} is VALID [2022-02-20 17:59:49,473 INFO L290 TraceCheckUtils]: 98: Hoare triple {7223#false} ~handle := #in~handle;havoc ~retValue_acc~16; {7223#false} is VALID [2022-02-20 17:59:49,474 INFO L290 TraceCheckUtils]: 99: Hoare triple {7223#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {7223#false} is VALID [2022-02-20 17:59:49,474 INFO L290 TraceCheckUtils]: 100: Hoare triple {7223#false} assume true; {7223#false} is VALID [2022-02-20 17:59:49,474 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {7223#false} {7223#false} #916#return; {7223#false} is VALID [2022-02-20 17:59:49,474 INFO L290 TraceCheckUtils]: 102: Hoare triple {7223#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {7223#false} is VALID [2022-02-20 17:59:49,474 
INFO L290 TraceCheckUtils]: 103: Hoare triple {7223#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {7223#false} is VALID [2022-02-20 17:59:49,474 INFO L272 TraceCheckUtils]: 104: Hoare triple {7223#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {7223#false} is VALID [2022-02-20 17:59:49,474 INFO L290 TraceCheckUtils]: 105: Hoare triple {7223#false} ~handle := #in~handle;havoc ~retValue_acc~28; {7223#false} is VALID [2022-02-20 17:59:49,475 INFO L290 TraceCheckUtils]: 106: Hoare triple {7223#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {7223#false} is VALID [2022-02-20 17:59:49,475 INFO L290 TraceCheckUtils]: 107: Hoare triple {7223#false} assume true; {7223#false} is VALID [2022-02-20 17:59:49,475 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {7223#false} {7223#false} #918#return; {7223#false} is VALID [2022-02-20 17:59:49,475 INFO L290 TraceCheckUtils]: 109: Hoare triple {7223#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {7223#false} is VALID [2022-02-20 17:59:49,475 INFO L290 TraceCheckUtils]: 110: Hoare triple {7223#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {7223#false} is VALID [2022-02-20 17:59:49,475 INFO L290 TraceCheckUtils]: 111: Hoare triple {7223#false} assume !false; {7223#false} is VALID [2022-02-20 17:59:49,476 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. 
[2022-02-20 17:59:49,476 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect
[2022-02-20 17:59:49,476 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2134311271] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:49,476 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences.
[2022-02-20 17:59:49,476 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [8] total 11
[2022-02-20 17:59:49,477 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [796234363]
[2022-02-20 17:59:49,477 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:49,477 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112
[2022-02-20 17:59:49,478 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:49,478 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13)
[2022-02-20 17:59:49,561 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 17:59:49,561 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states
[2022-02-20 17:59:49,561 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:49,562 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants.
[2022-02-20 17:59:49,562 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110
[2022-02-20 17:59:49,562 INFO L87 Difference]: Start difference. First operand 366 states and 551 transitions. Second operand has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13)
[2022-02-20 17:59:50,509 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:50,509 INFO L93 Difference]: Finished difference Result 723 states and 1092 transitions.
[2022-02-20 17:59:50,509 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states.
[2022-02-20 17:59:50,510 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112
[2022-02-20 17:59:50,510 INFO L84 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 17:59:50,510 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13)
[2022-02-20 17:59:50,521 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 936 transitions.
[2022-02-20 17:59:50,521 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13)
[2022-02-20 17:59:50,535 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 936 transitions.
[2022-02-20 17:59:50,535 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 936 transitions.
[2022-02-20 17:59:51,138 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 936 edges. 936 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 17:59:51,150 INFO L225 Difference]: With dead ends: 723 [2022-02-20 17:59:51,150 INFO L226 Difference]: Without dead ends: 368 [2022-02-20 17:59:51,151 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 142 GetRequests, 132 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=26, Invalid=106, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:51,152 INFO L933 BasicCegarLoop]: 464 mSDtfsCounter, 117 mSDsluCounter, 1256 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 137 SdHoareTripleChecker+Valid, 1720 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:51,153 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [137 Valid, 1720 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:51,153 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 368 states. [2022-02-20 17:59:51,213 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 368 to 368. [2022-02-20 17:59:51,213 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:51,215 INFO L82 GeneralOperation]: Start isEquivalent. First operand 368 states. 
Second operand has 368 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 287 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) [2022-02-20 17:59:51,216 INFO L74 IsIncluded]: Start isIncluded. First operand 368 states. Second operand has 368 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 287 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) [2022-02-20 17:59:51,217 INFO L87 Difference]: Start difference. First operand 368 states. Second operand has 368 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 287 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) [2022-02-20 17:59:51,230 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:51,230 INFO L93 Difference]: Finished difference Result 368 states and 554 transitions. [2022-02-20 17:59:51,231 INFO L276 IsEmpty]: Start isEmpty. Operand 368 states and 554 transitions. [2022-02-20 17:59:51,232 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:51,232 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:51,233 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 368 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 287 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) Second operand 368 states. [2022-02-20 17:59:51,234 INFO L87 Difference]: Start difference. First operand has 368 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 287 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) Second operand 368 states. [2022-02-20 17:59:51,247 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:51,247 INFO L93 Difference]: Finished difference Result 368 states and 554 transitions. [2022-02-20 17:59:51,247 INFO L276 IsEmpty]: Start isEmpty. Operand 368 states and 554 transitions. [2022-02-20 17:59:51,258 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:51,258 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:51,259 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:51,259 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:51,260 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 368 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 287 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) [2022-02-20 17:59:51,274 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 368 states to 368 states and 554 transitions. [2022-02-20 17:59:51,275 INFO L78 Accepts]: Start accepts. Automaton has 368 states and 554 transitions. Word has length 112 [2022-02-20 17:59:51,275 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:51,275 INFO L470 AbstractCegarLoop]: Abstraction has 368 states and 554 transitions. [2022-02-20 17:59:51,275 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:51,275 INFO L276 IsEmpty]: Start isEmpty. Operand 368 states and 554 transitions. [2022-02-20 17:59:51,277 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 114 [2022-02-20 17:59:51,277 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:51,277 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:51,303 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:51,491 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:51,491 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:51,492 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:51,492 INFO L85 PathProgramCache]: Analyzing trace with hash -221648282, now seen corresponding path program 1 times [2022-02-20 17:59:51,492 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:51,492 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [464377332] [2022-02-20 17:59:51,492 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:51,492 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:51,533 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,587 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:51,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {9953#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,594 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,594 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9895#true} #958#return; {9895#true} is VALID [2022-02-20 17:59:51,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:51,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 17:59:51,605 INFO L290 TraceCheckUtils]: 0: Hoare triple {9954#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,605 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,605 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9895#true} #960#return; {9895#true} is VALID [2022-02-20 17:59:51,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:51,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,628 INFO L290 TraceCheckUtils]: 0: Hoare triple {9953#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9955#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:51,628 INFO L290 TraceCheckUtils]: 1: Hoare triple {9955#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {9955#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:51,629 INFO L290 TraceCheckUtils]: 2: Hoare triple {9955#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9956#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:51,629 INFO L290 TraceCheckUtils]: 3: Hoare triple {9956#(= 2 |setClientId_#in~handle|)} assume true; {9956#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:51,630 INFO L284 
TraceCheckUtils]: 4: Hoare quadruple {9956#(= 2 |setClientId_#in~handle|)} {9905#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #962#return; {9911#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:51,630 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:51,633 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,653 INFO L290 TraceCheckUtils]: 0: Hoare triple {9954#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9957#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:51,654 INFO L290 TraceCheckUtils]: 1: Hoare triple {9957#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9958#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:51,654 INFO L290 TraceCheckUtils]: 2: Hoare triple {9958#(= |setClientPrivateKey_#in~handle| 1)} assume true; {9958#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:51,655 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9958#(= |setClientPrivateKey_#in~handle| 1)} {9911#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #964#return; {9896#false} is VALID [2022-02-20 17:59:51,655 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:59:51,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {9953#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,660 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,660 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9896#false} #966#return; {9896#false} is VALID [2022-02-20 17:59:51,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:59:51,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,665 INFO L290 TraceCheckUtils]: 0: Hoare triple {9954#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,665 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,665 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,665 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9896#false} #968#return; {9896#false} is VALID [2022-02-20 17:59:51,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 17:59:51,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {9959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,678 INFO L290 TraceCheckUtils]: 1: Hoare 
triple {9895#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,678 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,678 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9896#false} #946#return; {9896#false} is VALID [2022-02-20 17:59:51,679 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:51,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,681 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#true} ~handle := #in~handle;havoc ~retValue_acc~28; {9895#true} is VALID [2022-02-20 17:59:51,682 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {9895#true} is VALID [2022-02-20 17:59:51,682 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,682 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9896#false} #904#return; {9896#false} is VALID [2022-02-20 17:59:51,682 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:59:51,683 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,685 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#true} ~handle := #in~handle;havoc ~retValue_acc~11; {9895#true} is VALID [2022-02-20 17:59:51,685 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {9895#true} is VALID [2022-02-20 17:59:51,685 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,685 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9896#false} #906#return; {9896#false} is VALID [2022-02-20 17:59:51,685 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:59:51,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,688 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {9895#true} is VALID [2022-02-20 17:59:51,688 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle; {9895#true} is VALID [2022-02-20 17:59:51,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {9895#true} is VALID [2022-02-20 17:59:51,689 INFO L290 TraceCheckUtils]: 3: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,689 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9895#true} {9896#false} #908#return; {9896#false} is VALID [2022-02-20 17:59:51,689 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:59:51,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {9959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,692 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9896#false} #914#return; {9896#false} is VALID [2022-02-20 17:59:51,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:59:51,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:59:51,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#true} ~handle := #in~handle;havoc ~retValue_acc~16; {9895#true} is VALID [2022-02-20 17:59:51,697 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {9895#true} is VALID [2022-02-20 17:59:51,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,698 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9896#false} #916#return; {9896#false} is VALID [2022-02-20 17:59:51,698 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:59:51,699 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#true} ~handle := #in~handle;havoc ~retValue_acc~28; {9895#true} is VALID [2022-02-20 17:59:51,703 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {9895#true} is VALID [2022-02-20 17:59:51,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,704 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9895#true} {9896#false} #918#return; {9896#false} is VALID [2022-02-20 17:59:51,704 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call 
write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 
0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {9895#true} is VALID [2022-02-20 17:59:51,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {9895#true} is VALID [2022-02-20 17:59:51,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9895#true} is VALID [2022-02-20 17:59:51,704 INFO L290 TraceCheckUtils]: 3: Hoare triple {9895#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc 
valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {9895#true} is VALID [2022-02-20 17:59:51,705 INFO L290 TraceCheckUtils]: 4: Hoare triple {9895#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {9895#true} is VALID [2022-02-20 17:59:51,705 INFO L290 TraceCheckUtils]: 5: Hoare triple {9895#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9895#true} is VALID [2022-02-20 17:59:51,706 INFO L272 TraceCheckUtils]: 6: Hoare triple {9895#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9953#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:51,706 INFO L290 TraceCheckUtils]: 7: Hoare triple {9953#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,706 INFO L290 TraceCheckUtils]: 8: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,706 INFO L290 TraceCheckUtils]: 9: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,706 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9895#true} {9895#true} #958#return; {9895#true} is VALID [2022-02-20 17:59:51,706 INFO L290 TraceCheckUtils]: 11: Hoare triple {9895#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9895#true} is VALID [2022-02-20 17:59:51,707 INFO L272 TraceCheckUtils]: 12: Hoare triple {9895#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9954#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:51,707 INFO L290 TraceCheckUtils]: 13: Hoare triple {9954#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,707 INFO L290 TraceCheckUtils]: 14: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,707 INFO L290 TraceCheckUtils]: 15: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,708 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9895#true} {9895#true} #960#return; {9895#true} is VALID [2022-02-20 17:59:51,708 INFO L290 TraceCheckUtils]: 17: Hoare triple {9895#true} assume { 
:end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9905#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:59:51,709 INFO L272 TraceCheckUtils]: 18: Hoare triple {9905#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9953#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:51,709 INFO L290 TraceCheckUtils]: 19: Hoare triple {9953#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9955#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:51,710 INFO L290 TraceCheckUtils]: 20: Hoare triple {9955#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {9955#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:51,710 INFO L290 TraceCheckUtils]: 21: Hoare triple {9955#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9956#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:51,710 INFO L290 TraceCheckUtils]: 
22: Hoare triple {9956#(= 2 |setClientId_#in~handle|)} assume true; {9956#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:51,711 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {9956#(= 2 |setClientId_#in~handle|)} {9905#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #962#return; {9911#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:51,711 INFO L290 TraceCheckUtils]: 24: Hoare triple {9911#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {9911#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:51,712 INFO L272 TraceCheckUtils]: 25: Hoare triple {9911#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9954#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:51,712 INFO L290 TraceCheckUtils]: 26: Hoare triple {9954#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9957#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:51,713 INFO L290 TraceCheckUtils]: 27: Hoare triple {9957#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9958#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:51,713 INFO L290 TraceCheckUtils]: 28: Hoare triple {9958#(= |setClientPrivateKey_#in~handle| 1)} assume true; {9958#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:51,714 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {9958#(= 
|setClientPrivateKey_#in~handle| 1)} {9911#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #964#return; {9896#false} is VALID [2022-02-20 17:59:51,714 INFO L290 TraceCheckUtils]: 30: Hoare triple {9896#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9896#false} is VALID [2022-02-20 17:59:51,714 INFO L272 TraceCheckUtils]: 31: Hoare triple {9896#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9953#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:51,714 INFO L290 TraceCheckUtils]: 32: Hoare triple {9953#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,714 INFO L290 TraceCheckUtils]: 33: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,715 INFO L290 TraceCheckUtils]: 34: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,715 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {9895#true} {9896#false} #966#return; {9896#false} is VALID [2022-02-20 17:59:51,715 INFO L290 
TraceCheckUtils]: 36: Hoare triple {9896#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9896#false} is VALID [2022-02-20 17:59:51,715 INFO L272 TraceCheckUtils]: 37: Hoare triple {9896#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9954#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:51,715 INFO L290 TraceCheckUtils]: 38: Hoare triple {9954#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,715 INFO L290 TraceCheckUtils]: 39: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,715 INFO L290 TraceCheckUtils]: 40: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,715 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {9895#true} {9896#false} #968#return; {9896#false} is VALID [2022-02-20 17:59:51,716 INFO L290 TraceCheckUtils]: 42: Hoare triple {9896#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {9896#false} is VALID [2022-02-20 17:59:51,716 INFO L290 TraceCheckUtils]: 43: Hoare triple {9896#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, 
test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9896#false} is VALID [2022-02-20 17:59:51,716 INFO L290 TraceCheckUtils]: 44: Hoare triple {9896#false} assume !false; {9896#false} is VALID [2022-02-20 17:59:51,716 INFO L290 TraceCheckUtils]: 45: Hoare triple {9896#false} assume test_~splverifierCounter~0#1 < 4; {9896#false} is VALID [2022-02-20 17:59:51,716 INFO L290 TraceCheckUtils]: 46: Hoare triple {9896#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9896#false} is VALID [2022-02-20 17:59:51,716 INFO L290 TraceCheckUtils]: 47: Hoare triple {9896#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {9896#false} is VALID [2022-02-20 17:59:51,716 INFO L290 TraceCheckUtils]: 48: Hoare triple {9896#false} assume !(0 != test_~tmp___9~0#1); {9896#false} is VALID [2022-02-20 17:59:51,717 INFO L290 TraceCheckUtils]: 49: Hoare triple {9896#false} assume 0 == 
test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {9896#false} is VALID [2022-02-20 17:59:51,717 INFO L290 TraceCheckUtils]: 50: Hoare triple {9896#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {9896#false} is VALID [2022-02-20 17:59:51,717 INFO L290 TraceCheckUtils]: 51: Hoare triple {9896#false} assume !false; {9896#false} is VALID [2022-02-20 17:59:51,717 INFO L290 TraceCheckUtils]: 52: Hoare triple {9896#false} assume !(test_~splverifierCounter~0#1 < 4); {9896#false} is VALID [2022-02-20 17:59:51,717 INFO L290 TraceCheckUtils]: 53: Hoare triple {9896#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {9896#false} is VALID [2022-02-20 17:59:51,717 INFO L272 TraceCheckUtils]: 54: Hoare triple {9896#false} call sendEmail(~bob~0, ~rjh~0); {9896#false} is VALID [2022-02-20 17:59:51,717 INFO L290 TraceCheckUtils]: 55: Hoare triple {9896#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9896#false} is VALID [2022-02-20 17:59:51,718 INFO L272 TraceCheckUtils]: 56: Hoare triple {9896#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {9959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:51,718 INFO L290 TraceCheckUtils]: 57: Hoare triple {9959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,718 INFO L290 TraceCheckUtils]: 58: Hoare triple {9895#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,718 INFO L290 TraceCheckUtils]: 59: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,718 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {9895#true} {9896#false} #946#return; {9896#false} is VALID [2022-02-20 17:59:51,718 INFO L290 TraceCheckUtils]: 61: Hoare triple {9896#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {9896#false} is VALID [2022-02-20 17:59:51,718 INFO L290 TraceCheckUtils]: 62: Hoare triple {9896#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {9896#false} is VALID [2022-02-20 17:59:51,722 INFO L290 TraceCheckUtils]: 63: Hoare triple {9896#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {9896#false} is VALID [2022-02-20 17:59:51,723 INFO L290 TraceCheckUtils]: 64: Hoare triple {9896#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {9896#false} is VALID [2022-02-20 17:59:51,723 INFO L272 TraceCheckUtils]: 65: Hoare triple 
{9896#false} call outgoing(~sender#1, ~email~0#1); {9896#false} is VALID [2022-02-20 17:59:51,723 INFO L290 TraceCheckUtils]: 66: Hoare triple {9896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {9896#false} is VALID [2022-02-20 17:59:51,723 INFO L272 TraceCheckUtils]: 67: Hoare triple {9896#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {9895#true} is VALID [2022-02-20 17:59:51,723 INFO L290 TraceCheckUtils]: 68: Hoare triple {9895#true} ~handle := #in~handle;havoc ~retValue_acc~28; {9895#true} is VALID [2022-02-20 17:59:51,723 INFO L290 TraceCheckUtils]: 69: Hoare triple {9895#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {9895#true} is VALID [2022-02-20 17:59:51,723 INFO L290 TraceCheckUtils]: 70: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,724 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {9895#true} {9896#false} #904#return; {9896#false} is VALID [2022-02-20 17:59:51,724 INFO L290 TraceCheckUtils]: 72: Hoare triple {9896#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {9896#false} is VALID [2022-02-20 17:59:51,724 INFO L290 TraceCheckUtils]: 73: Hoare triple {9896#false} assume 0 == sign_~privkey~1#1; {9896#false} is VALID [2022-02-20 17:59:51,724 INFO L290 TraceCheckUtils]: 74: Hoare triple {9896#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, 
outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {9896#false} is VALID [2022-02-20 17:59:51,724 INFO L272 TraceCheckUtils]: 75: Hoare triple {9896#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {9895#true} is VALID [2022-02-20 17:59:51,724 INFO L290 TraceCheckUtils]: 76: Hoare triple {9895#true} ~handle := #in~handle;havoc ~retValue_acc~11; {9895#true} is VALID [2022-02-20 17:59:51,724 INFO L290 TraceCheckUtils]: 77: Hoare triple {9895#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {9895#true} is VALID [2022-02-20 17:59:51,725 INFO L290 TraceCheckUtils]: 78: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,725 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {9895#true} {9896#false} #906#return; {9896#false} is VALID [2022-02-20 17:59:51,725 INFO L290 TraceCheckUtils]: 80: Hoare triple {9896#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {9896#false} is VALID [2022-02-20 17:59:51,725 INFO L272 TraceCheckUtils]: 81: Hoare triple {9896#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := 
findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {9895#true} is VALID [2022-02-20 17:59:51,725 INFO L290 TraceCheckUtils]: 82: Hoare triple {9895#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {9895#true} is VALID [2022-02-20 17:59:51,725 INFO L290 TraceCheckUtils]: 83: Hoare triple {9895#true} assume 1 == ~handle; {9895#true} is VALID [2022-02-20 17:59:51,725 INFO L290 TraceCheckUtils]: 84: Hoare triple {9895#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {9895#true} is VALID [2022-02-20 17:59:51,726 INFO L290 TraceCheckUtils]: 85: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,726 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {9895#true} {9896#false} #908#return; {9896#false} is VALID [2022-02-20 17:59:51,726 INFO L290 TraceCheckUtils]: 87: Hoare triple {9896#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {9896#false} is VALID [2022-02-20 17:59:51,726 INFO L290 TraceCheckUtils]: 88: Hoare triple {9896#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {9896#false} is VALID [2022-02-20 17:59:51,726 INFO L290 TraceCheckUtils]: 89: Hoare triple {9896#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {9896#false} is VALID [2022-02-20 17:59:51,726 INFO L290 TraceCheckUtils]: 90: Hoare triple {9896#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {9896#false} is VALID [2022-02-20 17:59:51,726 INFO L290 TraceCheckUtils]: 91: Hoare triple {9896#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {9896#false} is VALID [2022-02-20 17:59:51,727 INFO L272 TraceCheckUtils]: 92: Hoare triple {9896#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {9959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:51,727 INFO L290 TraceCheckUtils]: 93: Hoare triple {9959#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:51,727 INFO L290 TraceCheckUtils]: 94: Hoare triple {9895#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:51,727 INFO L290 TraceCheckUtils]: 95: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,727 INFO L284 TraceCheckUtils]: 96: Hoare 
quadruple {9895#true} {9896#false} #914#return; {9896#false} is VALID [2022-02-20 17:59:51,727 INFO L290 TraceCheckUtils]: 97: Hoare triple {9896#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {9896#false} is VALID [2022-02-20 17:59:51,727 INFO L272 TraceCheckUtils]: 98: Hoare triple {9896#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {9895#true} is VALID [2022-02-20 17:59:51,728 INFO L290 TraceCheckUtils]: 99: Hoare triple 
{9895#true} ~handle := #in~handle;havoc ~retValue_acc~16; {9895#true} is VALID [2022-02-20 17:59:51,728 INFO L290 TraceCheckUtils]: 100: Hoare triple {9895#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {9895#true} is VALID [2022-02-20 17:59:51,728 INFO L290 TraceCheckUtils]: 101: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,728 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {9895#true} {9896#false} #916#return; {9896#false} is VALID [2022-02-20 17:59:51,728 INFO L290 TraceCheckUtils]: 103: Hoare triple {9896#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {9896#false} is VALID [2022-02-20 17:59:51,728 INFO L290 TraceCheckUtils]: 104: Hoare triple {9896#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {9896#false} is VALID [2022-02-20 17:59:51,728 INFO L272 TraceCheckUtils]: 105: Hoare triple {9896#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {9895#true} is VALID [2022-02-20 17:59:51,729 INFO L290 TraceCheckUtils]: 106: Hoare triple {9895#true} ~handle := #in~handle;havoc ~retValue_acc~28; {9895#true} is VALID [2022-02-20 17:59:51,729 INFO L290 TraceCheckUtils]: 107: Hoare triple {9895#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {9895#true} is VALID [2022-02-20 17:59:51,729 INFO L290 TraceCheckUtils]: 108: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:51,729 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {9895#true} {9896#false} #918#return; {9896#false} is VALID [2022-02-20 17:59:51,729 INFO L290 TraceCheckUtils]: 110: Hoare triple {9896#false} assume -2147483648 <= 
__utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {9896#false} is VALID [2022-02-20 17:59:51,729 INFO L290 TraceCheckUtils]: 111: Hoare triple {9896#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {9896#false} is VALID [2022-02-20 17:59:51,729 INFO L290 TraceCheckUtils]: 112: Hoare triple {9896#false} assume !false; {9896#false} is VALID [2022-02-20 17:59:51,730 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 17:59:51,730 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:51,730 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [464377332] [2022-02-20 17:59:51,730 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [464377332] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:51,730 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [876125493] [2022-02-20 17:59:51,731 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:51,731 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:51,731 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:51,732 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:51,733 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:59:51,951 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:51,955 INFO L263 TraceCheckSpWp]: Trace formula consists of 1039 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:59:52,009 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,014 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:52,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call 
#Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 
0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 
0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 1: Hoare triple {9895#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 2: Hoare triple {9895#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 3: Hoare triple {9895#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 4: Hoare triple {9895#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 5: Hoare triple {9895#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, 
setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L272 TraceCheckUtils]: 6: Hoare triple {9895#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 7: Hoare triple {9895#true} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 8: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 9: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9895#true} {9895#true} #958#return; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 11: Hoare triple {9895#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L272 TraceCheckUtils]: 12: Hoare triple {9895#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 13: Hoare triple {9895#true} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 14: Hoare triple {9895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9895#true} is 
VALID [2022-02-20 17:59:52,336 INFO L290 TraceCheckUtils]: 15: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:52,336 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9895#true} {9895#true} #960#return; {9895#true} is VALID [2022-02-20 17:59:52,336 INFO L290 TraceCheckUtils]: 17: Hoare triple {9895#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10014#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:52,336 INFO L272 TraceCheckUtils]: 18: Hoare triple {10014#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9895#true} is VALID [2022-02-20 17:59:52,336 INFO L290 TraceCheckUtils]: 19: Hoare triple {9895#true} ~handle := #in~handle;~value := #in~value; {9895#true} is VALID [2022-02-20 17:59:52,336 INFO L290 TraceCheckUtils]: 20: Hoare triple {9895#true} assume !(1 == ~handle); {9895#true} is VALID [2022-02-20 17:59:52,336 INFO L290 TraceCheckUtils]: 21: Hoare triple {9895#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9895#true} is VALID [2022-02-20 17:59:52,337 INFO L290 TraceCheckUtils]: 22: Hoare triple {9895#true} assume true; {9895#true} is VALID [2022-02-20 17:59:52,337 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {9895#true} {10014#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #962#return; {10014#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:52,337 INFO L290 TraceCheckUtils]: 24: Hoare triple 
{10014#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {10014#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:52,337 INFO L272 TraceCheckUtils]: 25: Hoare triple {10014#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9895#true} is VALID [2022-02-20 17:59:52,338 INFO L290 TraceCheckUtils]: 26: Hoare triple {9895#true} ~handle := #in~handle;~value := #in~value; {10042#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:59:52,338 INFO L290 TraceCheckUtils]: 27: Hoare triple {10042#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10046#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:52,338 INFO L290 TraceCheckUtils]: 28: Hoare triple {10046#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {10046#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:52,339 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10046#(<= |setClientPrivateKey_#in~handle| 1)} {10014#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #964#return; {9896#false} is VALID [2022-02-20 17:59:52,339 INFO L290 TraceCheckUtils]: 30: Hoare triple {9896#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9896#false} is VALID [2022-02-20 17:59:52,339 INFO L272 TraceCheckUtils]: 31: Hoare triple {9896#false} call 
setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9896#false} is VALID [2022-02-20 17:59:52,339 INFO L290 TraceCheckUtils]: 32: Hoare triple {9896#false} ~handle := #in~handle;~value := #in~value; {9896#false} is VALID [2022-02-20 17:59:52,339 INFO L290 TraceCheckUtils]: 33: Hoare triple {9896#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9896#false} is VALID [2022-02-20 17:59:52,339 INFO L290 TraceCheckUtils]: 34: Hoare triple {9896#false} assume true; {9896#false} is VALID [2022-02-20 17:59:52,339 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {9896#false} {9896#false} #966#return; {9896#false} is VALID [2022-02-20 17:59:52,339 INFO L290 TraceCheckUtils]: 36: Hoare triple {9896#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L272 TraceCheckUtils]: 37: Hoare triple {9896#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 38: Hoare triple {9896#false} ~handle := #in~handle;~value := #in~value; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 39: Hoare triple {9896#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 40: Hoare triple {9896#false} assume true; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {9896#false} {9896#false} #968#return; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 42: Hoare triple {9896#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 43: Hoare triple {9896#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, 
test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 44: Hoare triple {9896#false} assume !false; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 45: Hoare triple {9896#false} assume test_~splverifierCounter~0#1 < 4; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 46: Hoare triple {9896#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 47: Hoare triple {9896#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 48: Hoare triple {9896#false} assume !(0 != test_~tmp___9~0#1); {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 49: Hoare triple {9896#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 50: Hoare triple {9896#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 51: Hoare triple {9896#false} assume !false; {9896#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 52: Hoare triple {9896#false} assume !(test_~splverifierCounter~0#1 < 4); {9896#false} is VALID [2022-02-20 17:59:52,341 INFO L290 TraceCheckUtils]: 53: Hoare triple {9896#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {9896#false} is VALID [2022-02-20 17:59:52,341 INFO L272 TraceCheckUtils]: 54: Hoare triple {9896#false} call sendEmail(~bob~0, ~rjh~0); {9896#false} is VALID [2022-02-20 17:59:52,341 INFO L290 TraceCheckUtils]: 55: Hoare triple {9896#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9896#false} is VALID [2022-02-20 17:59:52,341 INFO L272 TraceCheckUtils]: 56: Hoare triple {9896#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9896#false} is VALID [2022-02-20 17:59:52,341 INFO L290 TraceCheckUtils]: 57: Hoare triple {9896#false} ~handle := #in~handle;~value := #in~value; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 58: Hoare triple {9896#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 59: Hoare triple {9896#false} assume true; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {9896#false} {9896#false} #946#return; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 61: Hoare triple {9896#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 62: Hoare triple {9896#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 63: Hoare triple {9896#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 64: Hoare triple {9896#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := 
#t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L272 TraceCheckUtils]: 65: Hoare triple {9896#false} call outgoing(~sender#1, ~email~0#1); {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 66: Hoare triple {9896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L272 TraceCheckUtils]: 67: Hoare triple {9896#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 68: Hoare triple {9896#false} ~handle := #in~handle;havoc ~retValue_acc~28; {9896#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 69: Hoare triple {9896#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 70: Hoare triple {9896#false} assume true; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {9896#false} {9896#false} #904#return; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 72: Hoare triple {9896#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 73: Hoare triple {9896#false} assume 0 == sign_~privkey~1#1; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 74: Hoare triple {9896#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } 
true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L272 TraceCheckUtils]: 75: Hoare triple {9896#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 76: Hoare triple {9896#false} ~handle := #in~handle;havoc ~retValue_acc~11; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 77: Hoare triple {9896#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 78: Hoare triple {9896#false} assume true; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {9896#false} {9896#false} #906#return; {9896#false} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 80: Hoare triple {9896#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {9896#false} is VALID [2022-02-20 
17:59:52,347 INFO L272 TraceCheckUtils]: 81: Hoare triple {9896#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {9896#false} is VALID [2022-02-20 17:59:52,347 INFO L290 TraceCheckUtils]: 82: Hoare triple {9896#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {9896#false} is VALID [2022-02-20 17:59:52,347 INFO L290 TraceCheckUtils]: 83: Hoare triple {9896#false} assume 1 == ~handle; {9896#false} is VALID [2022-02-20 17:59:52,348 INFO L290 TraceCheckUtils]: 84: Hoare triple {9896#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {9896#false} is VALID [2022-02-20 17:59:52,348 INFO L290 TraceCheckUtils]: 85: Hoare triple {9896#false} assume true; {9896#false} is VALID [2022-02-20 17:59:52,348 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {9896#false} {9896#false} #908#return; {9896#false} is VALID [2022-02-20 17:59:52,348 INFO L290 TraceCheckUtils]: 87: Hoare triple {9896#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {9896#false} is VALID [2022-02-20 17:59:52,348 INFO L290 TraceCheckUtils]: 88: Hoare triple {9896#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {9896#false} is VALID [2022-02-20 17:59:52,348 INFO L290 TraceCheckUtils]: 89: Hoare triple {9896#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {9896#false} is VALID [2022-02-20 17:59:52,349 INFO L290 TraceCheckUtils]: 90: Hoare triple {9896#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {9896#false} is VALID [2022-02-20 17:59:52,349 INFO L290 TraceCheckUtils]: 91: Hoare triple {9896#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {9896#false} is VALID [2022-02-20 17:59:52,349 INFO L272 TraceCheckUtils]: 92: Hoare triple {9896#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {9896#false} is VALID [2022-02-20 17:59:52,349 INFO L290 TraceCheckUtils]: 93: Hoare triple {9896#false} ~handle := #in~handle;~value := #in~value; {9896#false} is VALID [2022-02-20 17:59:52,349 INFO L290 TraceCheckUtils]: 94: Hoare triple {9896#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9896#false} is VALID [2022-02-20 17:59:52,349 INFO L290 TraceCheckUtils]: 95: Hoare triple {9896#false} assume true; {9896#false} is VALID [2022-02-20 17:59:52,349 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {9896#false} {9896#false} #914#return; {9896#false} is VALID [2022-02-20 17:59:52,350 INFO L290 TraceCheckUtils]: 97: Hoare 
triple {9896#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {9896#false} is VALID [2022-02-20 17:59:52,350 INFO L272 TraceCheckUtils]: 98: Hoare triple {9896#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {9896#false} is VALID [2022-02-20 17:59:52,350 INFO L290 TraceCheckUtils]: 99: Hoare triple {9896#false} ~handle := #in~handle;havoc ~retValue_acc~16; {9896#false} is VALID [2022-02-20 17:59:52,350 INFO L290 TraceCheckUtils]: 100: 
Hoare triple {9896#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {9896#false} is VALID [2022-02-20 17:59:52,350 INFO L290 TraceCheckUtils]: 101: Hoare triple {9896#false} assume true; {9896#false} is VALID [2022-02-20 17:59:52,350 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {9896#false} {9896#false} #916#return; {9896#false} is VALID [2022-02-20 17:59:52,350 INFO L290 TraceCheckUtils]: 103: Hoare triple {9896#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {9896#false} is VALID [2022-02-20 17:59:52,351 INFO L290 TraceCheckUtils]: 104: Hoare triple {9896#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {9896#false} is VALID [2022-02-20 17:59:52,351 INFO L272 TraceCheckUtils]: 105: Hoare triple {9896#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {9896#false} is VALID [2022-02-20 17:59:52,351 INFO L290 TraceCheckUtils]: 106: Hoare triple {9896#false} ~handle := #in~handle;havoc ~retValue_acc~28; {9896#false} is VALID [2022-02-20 17:59:52,351 INFO L290 TraceCheckUtils]: 107: Hoare triple {9896#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {9896#false} is VALID [2022-02-20 17:59:52,351 INFO L290 TraceCheckUtils]: 108: Hoare triple {9896#false} assume true; {9896#false} is VALID [2022-02-20 17:59:52,351 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {9896#false} {9896#false} #918#return; {9896#false} is VALID [2022-02-20 17:59:52,351 INFO L290 TraceCheckUtils]: 110: Hoare triple {9896#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 
2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {9896#false} is VALID [2022-02-20 17:59:52,352 INFO L290 TraceCheckUtils]: 111: Hoare triple {9896#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {9896#false} is VALID [2022-02-20 17:59:52,352 INFO L290 TraceCheckUtils]: 112: Hoare triple {9896#false} assume !false; {9896#false} is VALID [2022-02-20 17:59:52,352 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2022-02-20 17:59:52,352 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:52,352 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [876125493] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:52,353 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:52,353 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [11] total 14 [2022-02-20 17:59:52,353 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1498851567] [2022-02-20 17:59:52,353 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:52,354 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 113 [2022-02-20 17:59:52,354 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:59:52,354 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:52,466 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:52,466 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:59:52,467 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:52,467 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:59:52,476 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=28, Invalid=154, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:59:52,476 INFO L87 Difference]: Start difference. First operand 368 states and 554 transitions. Second operand has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:53,392 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:53,392 INFO L93 Difference]: Finished difference Result 725 states and 1097 transitions. [2022-02-20 17:59:53,392 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:59:53,393 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 113 [2022-02-20 17:59:53,393 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:53,393 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:53,402 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 935 transitions. [2022-02-20 17:59:53,402 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:53,411 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 935 transitions. [2022-02-20 17:59:53,411 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 935 transitions. [2022-02-20 17:59:54,084 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 935 edges. 935 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:54,096 INFO L225 Difference]: With dead ends: 725 [2022-02-20 17:59:54,096 INFO L226 Difference]: Without dead ends: 370 [2022-02-20 17:59:54,097 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 145 GetRequests, 132 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=178, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:59:54,098 INFO L933 BasicCegarLoop]: 462 mSDtfsCounter, 116 mSDsluCounter, 1247 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 136 SdHoareTripleChecker+Valid, 1709 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:54,099 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [136 Valid, 1709 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:54,099 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 370 states. [2022-02-20 17:59:54,186 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 370 to 370. [2022-02-20 17:59:54,186 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:54,187 INFO L82 GeneralOperation]: Start isEquivalent. First operand 370 states. 
Second operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 17:59:54,188 INFO L74 IsIncluded]: Start isIncluded. First operand 370 states. Second operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 17:59:54,189 INFO L87 Difference]: Start difference. First operand 370 states. Second operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 17:59:54,201 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:54,202 INFO L93 Difference]: Finished difference Result 370 states and 560 transitions. [2022-02-20 17:59:54,202 INFO L276 IsEmpty]: Start isEmpty. Operand 370 states and 560 transitions. [2022-02-20 17:59:54,203 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:54,204 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:54,205 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) Second operand 370 states. [2022-02-20 17:59:54,206 INFO L87 Difference]: Start difference. First operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) Second operand 370 states. [2022-02-20 17:59:54,219 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:54,219 INFO L93 Difference]: Finished difference Result 370 states and 560 transitions. [2022-02-20 17:59:54,219 INFO L276 IsEmpty]: Start isEmpty. Operand 370 states and 560 transitions. [2022-02-20 17:59:54,221 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:54,221 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:54,221 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:54,221 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:54,223 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 17:59:54,239 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 370 states to 370 states and 560 transitions. [2022-02-20 17:59:54,240 INFO L78 Accepts]: Start accepts. Automaton has 370 states and 560 transitions. Word has length 113 [2022-02-20 17:59:54,240 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:54,240 INFO L470 AbstractCegarLoop]: Abstraction has 370 states and 560 transitions. [2022-02-20 17:59:54,240 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:54,240 INFO L276 IsEmpty]: Start isEmpty. Operand 370 states and 560 transitions. [2022-02-20 17:59:54,242 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 115 [2022-02-20 17:59:54,242 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:54,243 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:54,269 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:54,467 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:54,468 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:54,468 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:54,468 INFO L85 PathProgramCache]: Analyzing trace with hash -1645047527, now seen corresponding path program 1 times [2022-02-20 17:59:54,468 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:54,468 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1918307095] [2022-02-20 17:59:54,468 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:54,468 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:54,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:54,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {12639#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,540 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,540 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,540 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12581#true} {12581#true} #958#return; {12581#true} is VALID [2022-02-20 17:59:54,547 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:54,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:59:54,552 INFO L290 TraceCheckUtils]: 0: Hoare triple {12640#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,552 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,552 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,552 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12581#true} {12581#true} #960#return; {12581#true} is VALID [2022-02-20 17:59:54,552 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:54,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,557 INFO L290 TraceCheckUtils]: 0: Hoare triple {12639#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,557 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume !(1 == ~handle); {12581#true} is VALID [2022-02-20 17:59:54,557 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,557 INFO L290 TraceCheckUtils]: 3: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,557 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12581#true} {12581#true} #962#return; {12581#true} is VALID [2022-02-20 17:59:54,558 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 
[2022-02-20 17:59:54,559 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {12640#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume !(1 == ~handle); {12581#true} is VALID [2022-02-20 17:59:54,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,562 INFO L290 TraceCheckUtils]: 3: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,562 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12581#true} {12581#true} #964#return; {12581#true} is VALID [2022-02-20 17:59:54,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:54,565 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,579 INFO L290 TraceCheckUtils]: 0: Hoare triple {12639#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12641#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:54,579 INFO L290 TraceCheckUtils]: 1: Hoare triple {12641#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12642#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:54,580 INFO L290 TraceCheckUtils]: 2: Hoare triple {12642#(= |setClientId_#in~handle| 1)} assume true; {12642#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:54,580 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12642#(= |setClientId_#in~handle| 1)} {12601#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #966#return; {12582#false} is VALID [2022-02-20 17:59:54,580 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:54,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,584 INFO L290 TraceCheckUtils]: 0: Hoare triple {12640#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,585 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,585 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,585 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12581#true} {12582#false} #968#return; {12582#false} is VALID [2022-02-20 17:59:54,592 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:59:54,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {12643#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,598 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,598 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12581#true} 
{12582#false} #946#return; {12582#false} is VALID [2022-02-20 17:59:54,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:59:54,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,601 INFO L290 TraceCheckUtils]: 0: Hoare triple {12581#true} ~handle := #in~handle;havoc ~retValue_acc~28; {12581#true} is VALID [2022-02-20 17:59:54,601 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {12581#true} is VALID [2022-02-20 17:59:54,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,601 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12581#true} {12582#false} #904#return; {12582#false} is VALID [2022-02-20 17:59:54,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:59:54,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {12581#true} ~handle := #in~handle;havoc ~retValue_acc~11; {12581#true} is VALID [2022-02-20 17:59:54,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {12581#true} is VALID [2022-02-20 17:59:54,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,604 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12581#true} {12582#false} #906#return; {12582#false} is VALID [2022-02-20 17:59:54,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:59:54,607 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,609 INFO L290 TraceCheckUtils]: 0: Hoare triple {12581#true} ~handle := #in~handle;~userid := 
#in~userid;havoc ~retValue_acc~33; {12581#true} is VALID [2022-02-20 17:59:54,609 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == ~handle; {12581#true} is VALID [2022-02-20 17:59:54,609 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {12581#true} is VALID [2022-02-20 17:59:54,609 INFO L290 TraceCheckUtils]: 3: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,609 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12581#true} {12582#false} #908#return; {12582#false} is VALID [2022-02-20 17:59:54,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:59:54,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,613 INFO L290 TraceCheckUtils]: 0: Hoare triple {12643#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,613 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,613 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,613 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12581#true} {12582#false} #914#return; {12582#false} is VALID [2022-02-20 17:59:54,613 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:59:54,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {12581#true} ~handle := #in~handle;havoc ~retValue_acc~16; {12581#true} is VALID [2022-02-20 17:59:54,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == 
~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {12581#true} is VALID [2022-02-20 17:59:54,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12581#true} {12582#false} #916#return; {12582#false} is VALID [2022-02-20 17:59:54,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:59:54,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,619 INFO L290 TraceCheckUtils]: 0: Hoare triple {12581#true} ~handle := #in~handle;havoc ~retValue_acc~28; {12581#true} is VALID [2022-02-20 17:59:54,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {12581#true} is VALID [2022-02-20 17:59:54,620 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,620 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12581#true} {12582#false} #918#return; {12582#false} is VALID [2022-02-20 17:59:54,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {12581#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call 
#Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 
:= 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 
0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {12581#true} is VALID [2022-02-20 17:59:54,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {12581#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {12581#true} is VALID [2022-02-20 17:59:54,621 INFO L290 TraceCheckUtils]: 2: Hoare triple {12581#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12581#true} is VALID [2022-02-20 17:59:54,621 INFO L290 TraceCheckUtils]: 3: Hoare triple {12581#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {12581#true} is VALID [2022-02-20 17:59:54,621 INFO L290 TraceCheckUtils]: 4: 
Hoare triple {12581#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {12581#true} is VALID [2022-02-20 17:59:54,621 INFO L290 TraceCheckUtils]: 5: Hoare triple {12581#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12581#true} is VALID [2022-02-20 17:59:54,622 INFO L272 TraceCheckUtils]: 6: Hoare triple {12581#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12639#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:54,622 INFO L290 TraceCheckUtils]: 7: Hoare triple {12639#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID 
[2022-02-20 17:59:54,622 INFO L290 TraceCheckUtils]: 8: Hoare triple {12581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,622 INFO L290 TraceCheckUtils]: 9: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,622 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12581#true} {12581#true} #958#return; {12581#true} is VALID [2022-02-20 17:59:54,622 INFO L290 TraceCheckUtils]: 11: Hoare triple {12581#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12581#true} is VALID [2022-02-20 17:59:54,623 INFO L272 TraceCheckUtils]: 12: Hoare triple {12581#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12640#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:54,623 INFO L290 TraceCheckUtils]: 13: Hoare triple {12640#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,623 INFO L290 TraceCheckUtils]: 14: Hoare triple {12581#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,624 INFO L290 TraceCheckUtils]: 15: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,624 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12581#true} {12581#true} #960#return; {12581#true} is VALID [2022-02-20 17:59:54,624 INFO L290 TraceCheckUtils]: 17: Hoare triple {12581#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12581#true} is VALID [2022-02-20 17:59:54,624 INFO L272 TraceCheckUtils]: 18: Hoare triple {12581#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12639#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:54,625 INFO L290 TraceCheckUtils]: 19: Hoare triple {12639#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,625 INFO L290 TraceCheckUtils]: 20: Hoare triple {12581#true} assume !(1 == ~handle); {12581#true} is VALID [2022-02-20 17:59:54,625 INFO L290 TraceCheckUtils]: 21: Hoare triple {12581#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,625 INFO L290 TraceCheckUtils]: 22: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,625 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12581#true} {12581#true} #962#return; {12581#true} is VALID [2022-02-20 17:59:54,625 INFO L290 TraceCheckUtils]: 24: Hoare triple {12581#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {12581#true} is VALID [2022-02-20 17:59:54,626 INFO L272 TraceCheckUtils]: 25: Hoare triple {12581#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12640#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) 
(= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:54,626 INFO L290 TraceCheckUtils]: 26: Hoare triple {12640#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,626 INFO L290 TraceCheckUtils]: 27: Hoare triple {12581#true} assume !(1 == ~handle); {12581#true} is VALID [2022-02-20 17:59:54,626 INFO L290 TraceCheckUtils]: 28: Hoare triple {12581#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,626 INFO L290 TraceCheckUtils]: 29: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,627 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {12581#true} {12581#true} #964#return; {12581#true} is VALID [2022-02-20 17:59:54,627 INFO L290 TraceCheckUtils]: 31: Hoare triple {12581#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12601#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:54,639 INFO L272 TraceCheckUtils]: 32: Hoare triple {12601#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {12639#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:54,640 INFO L290 TraceCheckUtils]: 33: Hoare triple {12639#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12641#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:54,641 INFO L290 TraceCheckUtils]: 34: Hoare triple {12641#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12642#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:54,641 INFO L290 TraceCheckUtils]: 35: Hoare triple {12642#(= |setClientId_#in~handle| 1)} assume true; {12642#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:54,641 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12642#(= |setClientId_#in~handle| 1)} {12601#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #966#return; {12582#false} is VALID [2022-02-20 17:59:54,642 INFO L290 TraceCheckUtils]: 37: Hoare triple {12582#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12582#false} is VALID [2022-02-20 17:59:54,642 INFO L272 TraceCheckUtils]: 38: Hoare triple {12582#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12640#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:54,642 INFO L290 TraceCheckUtils]: 39: Hoare triple {12640#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,642 INFO L290 TraceCheckUtils]: 40: Hoare triple {12581#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,642 INFO L290 TraceCheckUtils]: 41: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,642 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {12581#true} {12582#false} #968#return; {12582#false} is VALID [2022-02-20 17:59:54,642 INFO L290 TraceCheckUtils]: 43: Hoare triple {12582#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {12582#false} is VALID [2022-02-20 17:59:54,643 INFO L290 TraceCheckUtils]: 44: Hoare triple {12582#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc 
test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12582#false} is VALID [2022-02-20 17:59:54,643 INFO L290 TraceCheckUtils]: 45: Hoare triple {12582#false} assume !false; {12582#false} is VALID [2022-02-20 17:59:54,643 INFO L290 TraceCheckUtils]: 46: Hoare triple {12582#false} assume test_~splverifierCounter~0#1 < 4; {12582#false} is VALID [2022-02-20 17:59:54,643 INFO L290 TraceCheckUtils]: 47: Hoare triple {12582#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12582#false} is VALID [2022-02-20 17:59:54,643 INFO L290 TraceCheckUtils]: 48: Hoare triple {12582#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {12582#false} is VALID [2022-02-20 17:59:54,643 INFO L290 TraceCheckUtils]: 49: Hoare triple {12582#false} assume !(0 != test_~tmp___9~0#1); {12582#false} is VALID [2022-02-20 17:59:54,644 INFO L290 TraceCheckUtils]: 50: Hoare triple {12582#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {12582#false} is VALID [2022-02-20 17:59:54,644 INFO L290 TraceCheckUtils]: 51: Hoare triple {12582#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {12582#false} is VALID [2022-02-20 17:59:54,644 INFO L290 TraceCheckUtils]: 52: Hoare triple {12582#false} assume !false; {12582#false} is VALID [2022-02-20 17:59:54,644 INFO L290 TraceCheckUtils]: 53: Hoare triple {12582#false} assume !(test_~splverifierCounter~0#1 < 4); {12582#false} is VALID [2022-02-20 17:59:54,644 
INFO L290 TraceCheckUtils]: 54: Hoare triple {12582#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {12582#false} is VALID [2022-02-20 17:59:54,644 INFO L272 TraceCheckUtils]: 55: Hoare triple {12582#false} call sendEmail(~bob~0, ~rjh~0); {12582#false} is VALID [2022-02-20 17:59:54,644 INFO L290 TraceCheckUtils]: 56: Hoare triple {12582#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12582#false} is VALID [2022-02-20 17:59:54,645 INFO L272 TraceCheckUtils]: 57: Hoare triple {12582#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12643#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:54,645 INFO L290 TraceCheckUtils]: 58: Hoare triple {12643#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,645 INFO L290 TraceCheckUtils]: 59: Hoare triple {12581#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,645 INFO L290 TraceCheckUtils]: 60: Hoare 
triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,645 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {12581#true} {12582#false} #946#return; {12582#false} is VALID [2022-02-20 17:59:54,645 INFO L290 TraceCheckUtils]: 62: Hoare triple {12582#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {12582#false} is VALID [2022-02-20 17:59:54,645 INFO L290 TraceCheckUtils]: 63: Hoare triple {12582#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {12582#false} is VALID [2022-02-20 17:59:54,646 INFO L290 TraceCheckUtils]: 64: Hoare triple {12582#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {12582#false} is VALID [2022-02-20 17:59:54,646 INFO L290 TraceCheckUtils]: 65: Hoare triple {12582#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {12582#false} is VALID [2022-02-20 17:59:54,646 INFO L272 TraceCheckUtils]: 66: Hoare triple {12582#false} call outgoing(~sender#1, ~email~0#1); {12582#false} is VALID [2022-02-20 17:59:54,646 INFO L290 TraceCheckUtils]: 67: Hoare triple {12582#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {12582#false} is VALID [2022-02-20 17:59:54,646 INFO L272 TraceCheckUtils]: 68: Hoare triple {12582#false} call 
sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {12581#true} is VALID [2022-02-20 17:59:54,646 INFO L290 TraceCheckUtils]: 69: Hoare triple {12581#true} ~handle := #in~handle;havoc ~retValue_acc~28; {12581#true} is VALID [2022-02-20 17:59:54,646 INFO L290 TraceCheckUtils]: 70: Hoare triple {12581#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {12581#true} is VALID [2022-02-20 17:59:54,646 INFO L290 TraceCheckUtils]: 71: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,647 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {12581#true} {12582#false} #904#return; {12582#false} is VALID [2022-02-20 17:59:54,647 INFO L290 TraceCheckUtils]: 73: Hoare triple {12582#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {12582#false} is VALID [2022-02-20 17:59:54,647 INFO L290 TraceCheckUtils]: 74: Hoare triple {12582#false} assume 0 == sign_~privkey~1#1; {12582#false} is VALID [2022-02-20 17:59:54,647 INFO L290 TraceCheckUtils]: 75: Hoare triple {12582#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc 
outgoing__wrappee__Encrypt_~tmp___0~0#1; {12582#false} is VALID [2022-02-20 17:59:54,647 INFO L272 TraceCheckUtils]: 76: Hoare triple {12582#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {12581#true} is VALID [2022-02-20 17:59:54,647 INFO L290 TraceCheckUtils]: 77: Hoare triple {12581#true} ~handle := #in~handle;havoc ~retValue_acc~11; {12581#true} is VALID [2022-02-20 17:59:54,647 INFO L290 TraceCheckUtils]: 78: Hoare triple {12581#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {12581#true} is VALID [2022-02-20 17:59:54,648 INFO L290 TraceCheckUtils]: 79: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,648 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {12581#true} {12582#false} #906#return; {12582#false} is VALID [2022-02-20 17:59:54,648 INFO L290 TraceCheckUtils]: 81: Hoare triple {12582#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {12582#false} is VALID [2022-02-20 17:59:54,648 INFO L272 TraceCheckUtils]: 82: Hoare triple {12582#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {12581#true} is VALID [2022-02-20 17:59:54,648 INFO L290 TraceCheckUtils]: 83: Hoare triple {12581#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {12581#true} is VALID [2022-02-20 17:59:54,648 INFO L290 TraceCheckUtils]: 84: Hoare triple {12581#true} assume 1 == ~handle; {12581#true} is VALID [2022-02-20 17:59:54,648 INFO L290 TraceCheckUtils]: 85: Hoare triple {12581#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {12581#true} is VALID [2022-02-20 17:59:54,648 INFO L290 TraceCheckUtils]: 86: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,649 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {12581#true} {12582#false} #908#return; {12582#false} is VALID [2022-02-20 17:59:54,649 INFO L290 TraceCheckUtils]: 88: Hoare triple {12582#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {12582#false} is VALID [2022-02-20 17:59:54,649 INFO L290 TraceCheckUtils]: 89: Hoare triple {12582#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {12582#false} is VALID [2022-02-20 17:59:54,649 INFO L290 TraceCheckUtils]: 90: Hoare triple {12582#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {12582#false} is VALID [2022-02-20 17:59:54,649 INFO L290 TraceCheckUtils]: 91: Hoare triple {12582#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := 
~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {12582#false} is VALID [2022-02-20 17:59:54,649 INFO L290 TraceCheckUtils]: 92: Hoare triple {12582#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {12582#false} is VALID [2022-02-20 17:59:54,649 INFO L272 TraceCheckUtils]: 93: Hoare triple {12582#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {12643#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:54,650 INFO L290 TraceCheckUtils]: 94: Hoare triple {12643#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12581#true} is VALID [2022-02-20 17:59:54,650 INFO L290 TraceCheckUtils]: 95: Hoare triple {12581#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12581#true} is VALID [2022-02-20 17:59:54,650 INFO L290 TraceCheckUtils]: 96: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,650 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {12581#true} {12582#false} #914#return; {12582#false} is VALID [2022-02-20 17:59:54,650 INFO L290 TraceCheckUtils]: 98: Hoare triple {12582#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc 
mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {12582#false} is VALID [2022-02-20 17:59:54,650 INFO L272 TraceCheckUtils]: 99: Hoare triple {12582#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {12581#true} is VALID [2022-02-20 17:59:54,650 INFO L290 TraceCheckUtils]: 100: Hoare triple {12581#true} ~handle := #in~handle;havoc ~retValue_acc~16; {12581#true} is VALID [2022-02-20 17:59:54,650 INFO L290 TraceCheckUtils]: 101: Hoare triple {12581#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {12581#true} is VALID [2022-02-20 17:59:54,651 INFO L290 TraceCheckUtils]: 102: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,651 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {12581#true} {12582#false} #916#return; {12582#false} is VALID [2022-02-20 17:59:54,651 INFO L290 
TraceCheckUtils]: 104: Hoare triple {12582#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {12582#false} is VALID [2022-02-20 17:59:54,651 INFO L290 TraceCheckUtils]: 105: Hoare triple {12582#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {12582#false} is VALID [2022-02-20 17:59:54,651 INFO L272 TraceCheckUtils]: 106: Hoare triple {12582#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {12581#true} is VALID [2022-02-20 17:59:54,651 INFO L290 TraceCheckUtils]: 107: Hoare triple {12581#true} ~handle := #in~handle;havoc ~retValue_acc~28; {12581#true} is VALID [2022-02-20 17:59:54,651 INFO L290 TraceCheckUtils]: 108: Hoare triple {12581#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {12581#true} is VALID [2022-02-20 17:59:54,652 INFO L290 TraceCheckUtils]: 109: Hoare triple {12581#true} assume true; {12581#true} is VALID [2022-02-20 17:59:54,652 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {12581#true} {12582#false} #918#return; {12582#false} is VALID [2022-02-20 17:59:54,652 INFO L290 TraceCheckUtils]: 111: Hoare triple {12582#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {12582#false} is VALID [2022-02-20 17:59:54,652 INFO L290 TraceCheckUtils]: 112: Hoare triple {12582#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {12582#false} is VALID [2022-02-20 17:59:54,652 INFO L290 TraceCheckUtils]: 113: Hoare triple 
{12582#false} assume !false; {12582#false} is VALID [2022-02-20 17:59:54,652 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:54,653 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:54,653 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1918307095] [2022-02-20 17:59:54,653 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1918307095] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:54,653 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:54,653 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 17:59:54,653 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [669053457] [2022-02-20 17:59:54,653 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:54,654 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 114 [2022-02-20 17:59:54,654 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:59:54,655 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:54,736 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:54,736 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:59:54,736 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:54,737 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:59:54,737 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:59:54,737 INFO L87 Difference]: Start difference. First operand 370 states and 560 transitions. Second operand has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:59,707 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:59,708 INFO L93 Difference]: Finished difference Result 788 states and 1199 transitions. [2022-02-20 17:59:59,708 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:59:59,708 INFO L78 Accepts]: Start accepts. 
Automaton has has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 114 [2022-02-20 17:59:59,708 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:59,709 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:59,719 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1029 transitions. [2022-02-20 17:59:59,719 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:59:59,729 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1029 transitions. [2022-02-20 17:59:59,729 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1029 transitions. [2022-02-20 18:00:00,693 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1029 edges. 1029 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:00,710 INFO L225 Difference]: With dead ends: 788 [2022-02-20 18:00:00,710 INFO L226 Difference]: Without dead ends: 441 [2022-02-20 18:00:00,711 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 41 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:00:00,712 INFO L933 BasicCegarLoop]: 512 mSDtfsCounter, 871 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1554 mSolverCounterSat, 270 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 888 SdHoareTripleChecker+Valid, 1163 SdHoareTripleChecker+Invalid, 1824 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 270 IncrementalHoareTripleChecker+Valid, 1554 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:00,712 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [888 Valid, 1163 Invalid, 1824 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [270 Valid, 1554 Invalid, 0 Unknown, 0 Unchecked, 2.1s Time] [2022-02-20 18:00:00,713 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 441 states. [2022-02-20 18:00:00,818 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 441 to 370. [2022-02-20 18:00:00,818 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:00,819 INFO L82 GeneralOperation]: Start isEquivalent. First operand 441 states. 
Second operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) [2022-02-20 18:00:00,820 INFO L74 IsIncluded]: Start isIncluded. First operand 441 states. Second operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) [2022-02-20 18:00:00,821 INFO L87 Difference]: Start difference. First operand 441 states. Second operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) [2022-02-20 18:00:00,838 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:00,839 INFO L93 Difference]: Finished difference Result 441 states and 670 transitions. [2022-02-20 18:00:00,839 INFO L276 IsEmpty]: Start isEmpty. Operand 441 states and 670 transitions. [2022-02-20 18:00:00,841 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:00,841 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:00,842 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) Second operand 441 states. [2022-02-20 18:00:00,843 INFO L87 Difference]: Start difference. First operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) Second operand 441 states. [2022-02-20 18:00:00,859 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:00,859 INFO L93 Difference]: Finished difference Result 441 states and 670 transitions. [2022-02-20 18:00:00,859 INFO L276 IsEmpty]: Start isEmpty. Operand 441 states and 670 transitions. [2022-02-20 18:00:00,861 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:00,861 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:00,861 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:00,862 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:00,863 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 370 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 289 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) [2022-02-20 18:00:00,878 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 370 states to 370 states and 559 transitions. [2022-02-20 18:00:00,880 INFO L78 Accepts]: Start accepts. Automaton has 370 states and 559 transitions. Word has length 114 [2022-02-20 18:00:00,880 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:00,880 INFO L470 AbstractCegarLoop]: Abstraction has 370 states and 559 transitions. [2022-02-20 18:00:00,880 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:00:00,880 INFO L276 IsEmpty]: Start isEmpty. Operand 370 states and 559 transitions. [2022-02-20 18:00:00,883 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 116 [2022-02-20 18:00:00,883 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:00,884 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:00,884 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:00:00,884 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:00,884 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:00,885 INFO L85 PathProgramCache]: Analyzing trace with hash 1269941286, now seen corresponding path program 2 times [2022-02-20 18:00:00,885 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:00,885 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1384696353] [2022-02-20 18:00:00,885 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:00,885 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:00,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:00,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,947 INFO L290 TraceCheckUtils]: 0: Hoare triple {15230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:00,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:00,948 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:00,948 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15171#true} {15171#true} #958#return; {15171#true} is VALID [2022-02-20 18:00:00,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:00,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {15231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:00,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:00,957 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:00,958 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15171#true} {15171#true} #960#return; {15171#true} is VALID [2022-02-20 18:00:00,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:00,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {15230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:00,962 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume !(1 == ~handle); {15171#true} is VALID [2022-02-20 18:00:00,962 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:00,962 INFO L290 TraceCheckUtils]: 3: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:00,962 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15171#true} {15171#true} #962#return; {15171#true} is VALID [2022-02-20 18:00:00,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:00,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {15231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:00,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume !(1 == ~handle); {15171#true} is VALID [2022-02-20 18:00:00,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:00,967 INFO L290 TraceCheckUtils]: 3: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:00,967 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15171#true} {15171#true} #964#return; {15171#true} is VALID [2022-02-20 18:00:00,968 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:00,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {15230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15232#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,986 INFO L290 TraceCheckUtils]: 1: Hoare triple {15232#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15232#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,986 INFO L290 TraceCheckUtils]: 2: Hoare triple {15232#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15233#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,987 INFO L290 TraceCheckUtils]: 3: Hoare triple {15233#(= 2 |setClientId_#in~handle|)} assume true; {15233#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:00,987 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15233#(= 2 |setClientId_#in~handle|)} 
{15191#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #966#return; {15172#false} is VALID [2022-02-20 18:00:00,987 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:00:00,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:00,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {15231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:00,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:00,991 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:00,991 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15171#true} {15172#false} #968#return; {15172#false} is VALID [2022-02-20 18:00:00,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:00:00,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:01,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {15234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:01,001 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:01,001 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,001 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15171#true} {15172#false} #946#return; {15172#false} is VALID [2022-02-20 18:00:01,001 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:00:01,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:01,004 INFO L290 TraceCheckUtils]: 0: Hoare triple {15171#true} ~handle := #in~handle;havoc ~retValue_acc~28; {15171#true} is VALID [2022-02-20 18:00:01,005 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {15171#true} is VALID [2022-02-20 18:00:01,005 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,005 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15171#true} {15172#false} #904#return; {15172#false} is VALID [2022-02-20 18:00:01,005 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:00:01,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:01,009 INFO L290 TraceCheckUtils]: 0: Hoare triple {15171#true} ~handle := #in~handle;havoc ~retValue_acc~11; {15171#true} is VALID [2022-02-20 18:00:01,009 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {15171#true} is VALID [2022-02-20 18:00:01,009 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,009 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15171#true} {15172#false} #906#return; {15172#false} is VALID [2022-02-20 18:00:01,010 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:00:01,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:01,013 INFO L290 TraceCheckUtils]: 0: Hoare triple {15171#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {15171#true} is VALID [2022-02-20 18:00:01,014 INFO L290 
TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle; {15171#true} is VALID [2022-02-20 18:00:01,014 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {15171#true} is VALID [2022-02-20 18:00:01,014 INFO L290 TraceCheckUtils]: 3: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,014 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15171#true} {15172#false} #908#return; {15172#false} is VALID [2022-02-20 18:00:01,014 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:00:01,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:01,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {15234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:01,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:01,024 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,024 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15171#true} {15172#false} #914#return; {15172#false} is VALID [2022-02-20 18:00:01,024 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:00:01,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:01,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {15171#true} ~handle := #in~handle;havoc ~retValue_acc~16; {15171#true} is VALID [2022-02-20 18:00:01,027 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {15171#true} 
is VALID [2022-02-20 18:00:01,027 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15171#true} {15172#false} #916#return; {15172#false} is VALID [2022-02-20 18:00:01,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:00:01,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:01,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {15171#true} ~handle := #in~handle;havoc ~retValue_acc~28; {15171#true} is VALID [2022-02-20 18:00:01,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {15171#true} is VALID [2022-02-20 18:00:01,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,032 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15171#true} {15172#false} #918#return; {15172#false} is VALID [2022-02-20 18:00:01,032 INFO L290 TraceCheckUtils]: 0: Hoare triple {15171#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 
16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 
0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {15171#true} is VALID [2022-02-20 18:00:01,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {15171#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {15171#true} is VALID [2022-02-20 18:00:01,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {15171#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15171#true} is VALID [2022-02-20 18:00:01,032 INFO L290 TraceCheckUtils]: 3: Hoare triple {15171#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {15171#true} is VALID [2022-02-20 18:00:01,032 INFO L290 TraceCheckUtils]: 4: Hoare triple {15171#true} main_#t~ret68#1 := valid_product_#res#1;assume { 
:end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {15171#true} is VALID [2022-02-20 18:00:01,033 INFO L290 TraceCheckUtils]: 5: Hoare triple {15171#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15171#true} is VALID [2022-02-20 18:00:01,033 INFO L272 TraceCheckUtils]: 6: Hoare triple {15171#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:01,033 INFO L290 TraceCheckUtils]: 7: Hoare triple {15230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:01,034 INFO L290 TraceCheckUtils]: 8: Hoare triple {15171#true} 
assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:01,034 INFO L290 TraceCheckUtils]: 9: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,034 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15171#true} {15171#true} #958#return; {15171#true} is VALID [2022-02-20 18:00:01,034 INFO L290 TraceCheckUtils]: 11: Hoare triple {15171#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15171#true} is VALID [2022-02-20 18:00:01,035 INFO L272 TraceCheckUtils]: 12: Hoare triple {15171#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:01,035 INFO L290 TraceCheckUtils]: 13: Hoare triple {15231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:01,035 INFO L290 TraceCheckUtils]: 14: Hoare triple {15171#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:01,035 INFO L290 TraceCheckUtils]: 15: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,035 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15171#true} {15171#true} #960#return; {15171#true} is VALID [2022-02-20 18:00:01,035 INFO L290 TraceCheckUtils]: 17: Hoare triple {15171#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15171#true} is VALID [2022-02-20 18:00:01,036 INFO L272 TraceCheckUtils]: 18: Hoare triple {15171#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:01,036 INFO L290 TraceCheckUtils]: 19: Hoare triple {15230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:01,036 INFO L290 TraceCheckUtils]: 20: Hoare triple {15171#true} assume !(1 == ~handle); {15171#true} is VALID [2022-02-20 18:00:01,036 INFO L290 TraceCheckUtils]: 21: Hoare triple {15171#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:01,036 INFO L290 TraceCheckUtils]: 22: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,036 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15171#true} {15171#true} #962#return; {15171#true} is VALID [2022-02-20 18:00:01,037 INFO L290 TraceCheckUtils]: 24: Hoare triple {15171#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15171#true} is VALID [2022-02-20 18:00:01,037 INFO L272 TraceCheckUtils]: 25: Hoare triple {15171#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:01,037 INFO L290 TraceCheckUtils]: 26: Hoare triple {15231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:01,037 INFO L290 TraceCheckUtils]: 27: Hoare triple {15171#true} assume !(1 == ~handle); {15171#true} is VALID [2022-02-20 18:00:01,038 INFO L290 TraceCheckUtils]: 28: Hoare triple {15171#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:01,038 INFO L290 TraceCheckUtils]: 29: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,038 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15171#true} {15171#true} #964#return; {15171#true} is VALID [2022-02-20 18:00:01,038 INFO L290 TraceCheckUtils]: 31: Hoare triple {15171#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15191#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:01,039 INFO L272 TraceCheckUtils]: 32: Hoare triple {15191#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15230#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:01,039 INFO L290 TraceCheckUtils]: 33: Hoare triple {15230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15232#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:01,040 INFO L290 TraceCheckUtils]: 34: Hoare triple {15232#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15232#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:01,040 INFO L290 TraceCheckUtils]: 35: Hoare triple {15232#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15233#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:01,040 INFO L290 TraceCheckUtils]: 36: Hoare triple {15233#(= 2 |setClientId_#in~handle|)} assume true; {15233#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:01,041 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {15233#(= 2 |setClientId_#in~handle|)} {15191#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #966#return; {15172#false} is VALID [2022-02-20 18:00:01,041 INFO L290 TraceCheckUtils]: 38: Hoare triple {15172#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15172#false} is VALID [2022-02-20 18:00:01,041 INFO L272 TraceCheckUtils]: 39: Hoare triple {15172#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:01,041 INFO L290 TraceCheckUtils]: 40: Hoare triple 
{15231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:01,041 INFO L290 TraceCheckUtils]: 41: Hoare triple {15171#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:01,041 INFO L290 TraceCheckUtils]: 42: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,042 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {15171#true} {15172#false} #968#return; {15172#false} is VALID [2022-02-20 18:00:01,042 INFO L290 TraceCheckUtils]: 44: Hoare triple {15172#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {15172#false} is VALID [2022-02-20 18:00:01,042 INFO L290 TraceCheckUtils]: 45: Hoare triple {15172#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15172#false} is VALID [2022-02-20 18:00:01,042 INFO L290 TraceCheckUtils]: 46: Hoare triple {15172#false} assume !false; {15172#false} is VALID [2022-02-20 18:00:01,042 INFO L290 TraceCheckUtils]: 47: Hoare triple {15172#false} assume test_~splverifierCounter~0#1 < 4; {15172#false} is VALID [2022-02-20 18:00:01,042 INFO L290 TraceCheckUtils]: 48: Hoare triple {15172#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15172#false} is VALID [2022-02-20 18:00:01,042 INFO L290 TraceCheckUtils]: 49: Hoare triple {15172#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {15172#false} is VALID [2022-02-20 18:00:01,043 INFO L290 TraceCheckUtils]: 50: Hoare triple {15172#false} assume !(0 != test_~tmp___9~0#1); {15172#false} is VALID [2022-02-20 18:00:01,043 INFO L290 TraceCheckUtils]: 51: Hoare triple {15172#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {15172#false} is VALID [2022-02-20 18:00:01,043 INFO L290 TraceCheckUtils]: 52: Hoare triple {15172#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {15172#false} is VALID [2022-02-20 18:00:01,043 INFO L290 TraceCheckUtils]: 53: Hoare triple {15172#false} assume !false; {15172#false} is VALID [2022-02-20 18:00:01,043 INFO L290 TraceCheckUtils]: 54: 
Hoare triple {15172#false} assume !(test_~splverifierCounter~0#1 < 4); {15172#false} is VALID [2022-02-20 18:00:01,043 INFO L290 TraceCheckUtils]: 55: Hoare triple {15172#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {15172#false} is VALID [2022-02-20 18:00:01,043 INFO L272 TraceCheckUtils]: 56: Hoare triple {15172#false} call sendEmail(~bob~0, ~rjh~0); {15172#false} is VALID [2022-02-20 18:00:01,043 INFO L290 TraceCheckUtils]: 57: Hoare triple {15172#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15172#false} is VALID [2022-02-20 18:00:01,044 INFO L272 TraceCheckUtils]: 58: Hoare triple {15172#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:01,044 INFO L290 TraceCheckUtils]: 59: Hoare triple {15234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:01,044 INFO L290 TraceCheckUtils]: 60: Hoare triple {15171#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:01,044 INFO L290 TraceCheckUtils]: 61: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,044 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {15171#true} {15172#false} #946#return; {15172#false} is VALID [2022-02-20 18:00:01,044 INFO L290 TraceCheckUtils]: 63: Hoare triple {15172#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {15172#false} is VALID [2022-02-20 18:00:01,044 INFO L290 TraceCheckUtils]: 64: Hoare triple {15172#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {15172#false} is VALID [2022-02-20 18:00:01,045 INFO L290 TraceCheckUtils]: 65: Hoare triple {15172#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {15172#false} is VALID [2022-02-20 18:00:01,045 INFO L290 TraceCheckUtils]: 66: Hoare triple {15172#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {15172#false} is VALID [2022-02-20 18:00:01,045 INFO L272 TraceCheckUtils]: 67: Hoare triple {15172#false} call outgoing(~sender#1, ~email~0#1); {15172#false} is VALID [2022-02-20 18:00:01,045 INFO L290 TraceCheckUtils]: 68: Hoare triple {15172#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc 
sign_~tmp~6#1; {15172#false} is VALID [2022-02-20 18:00:01,045 INFO L272 TraceCheckUtils]: 69: Hoare triple {15172#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {15171#true} is VALID [2022-02-20 18:00:01,045 INFO L290 TraceCheckUtils]: 70: Hoare triple {15171#true} ~handle := #in~handle;havoc ~retValue_acc~28; {15171#true} is VALID [2022-02-20 18:00:01,045 INFO L290 TraceCheckUtils]: 71: Hoare triple {15171#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {15171#true} is VALID [2022-02-20 18:00:01,045 INFO L290 TraceCheckUtils]: 72: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,046 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {15171#true} {15172#false} #904#return; {15172#false} is VALID [2022-02-20 18:00:01,046 INFO L290 TraceCheckUtils]: 74: Hoare triple {15172#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {15172#false} is VALID [2022-02-20 18:00:01,046 INFO L290 TraceCheckUtils]: 75: Hoare triple {15172#false} assume 0 == sign_~privkey~1#1; {15172#false} is VALID [2022-02-20 18:00:01,046 INFO L290 TraceCheckUtils]: 76: Hoare triple {15172#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc 
outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {15172#false} is VALID [2022-02-20 18:00:01,046 INFO L272 TraceCheckUtils]: 77: Hoare triple {15172#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {15171#true} is VALID [2022-02-20 18:00:01,046 INFO L290 TraceCheckUtils]: 78: Hoare triple {15171#true} ~handle := #in~handle;havoc ~retValue_acc~11; {15171#true} is VALID [2022-02-20 18:00:01,046 INFO L290 TraceCheckUtils]: 79: Hoare triple {15171#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {15171#true} is VALID [2022-02-20 18:00:01,046 INFO L290 TraceCheckUtils]: 80: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,047 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {15171#true} {15172#false} #906#return; {15172#false} is VALID [2022-02-20 18:00:01,047 INFO L290 TraceCheckUtils]: 82: Hoare triple {15172#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {15172#false} is VALID [2022-02-20 18:00:01,047 INFO L272 TraceCheckUtils]: 83: Hoare triple {15172#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {15171#true} is VALID [2022-02-20 18:00:01,047 INFO L290 TraceCheckUtils]: 84: Hoare triple {15171#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {15171#true} is VALID [2022-02-20 18:00:01,047 INFO L290 TraceCheckUtils]: 85: Hoare triple {15171#true} assume 1 == ~handle; {15171#true} is VALID [2022-02-20 18:00:01,047 INFO L290 
TraceCheckUtils]: 86: Hoare triple {15171#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {15171#true} is VALID [2022-02-20 18:00:01,047 INFO L290 TraceCheckUtils]: 87: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,048 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {15171#true} {15172#false} #908#return; {15172#false} is VALID [2022-02-20 18:00:01,048 INFO L290 TraceCheckUtils]: 89: Hoare triple {15172#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {15172#false} is VALID [2022-02-20 18:00:01,048 INFO L290 TraceCheckUtils]: 90: Hoare triple {15172#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {15172#false} is VALID [2022-02-20 18:00:01,048 INFO L290 TraceCheckUtils]: 91: Hoare triple {15172#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {15172#false} is VALID [2022-02-20 18:00:01,048 INFO L290 
TraceCheckUtils]: 92: Hoare triple {15172#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {15172#false} is VALID [2022-02-20 18:00:01,048 INFO L290 TraceCheckUtils]: 93: Hoare triple {15172#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {15172#false} is VALID [2022-02-20 18:00:01,048 INFO L272 TraceCheckUtils]: 94: Hoare triple {15172#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {15234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:01,048 INFO L290 TraceCheckUtils]: 95: Hoare triple {15234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15171#true} is VALID [2022-02-20 18:00:01,049 INFO L290 TraceCheckUtils]: 96: Hoare triple {15171#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15171#true} is VALID [2022-02-20 18:00:01,049 INFO L290 TraceCheckUtils]: 97: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,049 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {15171#true} {15172#false} #914#return; {15172#false} is VALID [2022-02-20 18:00:01,049 INFO L290 TraceCheckUtils]: 99: Hoare triple {15172#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := 
mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {15172#false} is VALID [2022-02-20 18:00:01,049 INFO L272 TraceCheckUtils]: 100: Hoare triple {15172#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {15171#true} is VALID [2022-02-20 18:00:01,049 INFO L290 TraceCheckUtils]: 101: Hoare triple {15171#true} ~handle := #in~handle;havoc ~retValue_acc~16; {15171#true} is VALID [2022-02-20 18:00:01,049 INFO L290 TraceCheckUtils]: 102: Hoare triple {15171#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {15171#true} is VALID [2022-02-20 18:00:01,050 INFO L290 TraceCheckUtils]: 103: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,050 INFO L284 
TraceCheckUtils]: 104: Hoare quadruple {15171#true} {15172#false} #916#return; {15172#false} is VALID [2022-02-20 18:00:01,050 INFO L290 TraceCheckUtils]: 105: Hoare triple {15172#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {15172#false} is VALID [2022-02-20 18:00:01,050 INFO L290 TraceCheckUtils]: 106: Hoare triple {15172#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {15172#false} is VALID [2022-02-20 18:00:01,050 INFO L272 TraceCheckUtils]: 107: Hoare triple {15172#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {15171#true} is VALID [2022-02-20 18:00:01,050 INFO L290 TraceCheckUtils]: 108: Hoare triple {15171#true} ~handle := #in~handle;havoc ~retValue_acc~28; {15171#true} is VALID [2022-02-20 18:00:01,050 INFO L290 TraceCheckUtils]: 109: Hoare triple {15171#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {15171#true} is VALID [2022-02-20 18:00:01,051 INFO L290 TraceCheckUtils]: 110: Hoare triple {15171#true} assume true; {15171#true} is VALID [2022-02-20 18:00:01,051 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {15171#true} {15172#false} #918#return; {15172#false} is VALID [2022-02-20 18:00:01,051 INFO L290 TraceCheckUtils]: 112: Hoare triple {15172#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {15172#false} is VALID [2022-02-20 18:00:01,051 INFO L290 TraceCheckUtils]: 113: Hoare triple {15172#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { 
:begin_inline___automaton_fail } true; {15172#false} is VALID [2022-02-20 18:00:01,051 INFO L290 TraceCheckUtils]: 114: Hoare triple {15172#false} assume !false; {15172#false} is VALID [2022-02-20 18:00:01,051 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:00:01,052 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:01,052 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1384696353] [2022-02-20 18:00:01,052 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1384696353] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:01,052 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:01,052 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:00:01,052 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [374546657] [2022-02-20 18:00:01,052 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:01,054 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 10.428571428571429) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 115 [2022-02-20 18:00:01,054 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:00:01,054 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 10.428571428571429) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:00:01,126 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:01,126 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:00:01,126 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:01,127 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:00:01,127 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:00:01,127 INFO L87 Difference]: Start difference. First operand 370 states and 559 transitions. Second operand has 8 states, 7 states have (on average 10.428571428571429) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:00:05,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:05,849 INFO L93 Difference]: Finished difference Result 790 states and 1202 transitions. [2022-02-20 18:00:05,849 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:00:05,849 INFO L78 Accepts]: Start accepts. 
Automaton has has 8 states, 7 states have (on average 10.428571428571429) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 115 [2022-02-20 18:00:05,850 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:05,850 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 10.428571428571429) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:00:05,860 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1030 transitions. [2022-02-20 18:00:05,861 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 10.428571428571429) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:00:05,870 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1030 transitions. [2022-02-20 18:00:05,870 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1030 transitions. [2022-02-20 18:00:06,837 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1030 edges. 1030 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:06,854 INFO L225 Difference]: With dead ends: 790 [2022-02-20 18:00:06,854 INFO L226 Difference]: Without dead ends: 443 [2022-02-20 18:00:06,856 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 41 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:00:06,857 INFO L933 BasicCegarLoop]: 513 mSDtfsCounter, 867 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1559 mSolverCounterSat, 272 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 884 SdHoareTripleChecker+Valid, 1164 SdHoareTripleChecker+Invalid, 1831 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 272 IncrementalHoareTripleChecker+Valid, 1559 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:06,857 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [884 Valid, 1164 Invalid, 1831 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [272 Valid, 1559 Invalid, 0 Unknown, 0 Unchecked, 2.1s Time] [2022-02-20 18:00:06,858 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 443 states. [2022-02-20 18:00:06,947 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 443 to 372. [2022-02-20 18:00:06,947 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:06,948 INFO L82 GeneralOperation]: Start isEquivalent. First operand 443 states. 
Second operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) [2022-02-20 18:00:06,950 INFO L74 IsIncluded]: Start isIncluded. First operand 443 states. Second operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) [2022-02-20 18:00:06,951 INFO L87 Difference]: Start difference. First operand 443 states. Second operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) [2022-02-20 18:00:06,968 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:06,968 INFO L93 Difference]: Finished difference Result 443 states and 673 transitions. [2022-02-20 18:00:06,968 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 673 transitions. [2022-02-20 18:00:06,971 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:06,971 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:06,973 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) Second operand 443 states. [2022-02-20 18:00:06,974 INFO L87 Difference]: Start difference. First operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) Second operand 443 states. [2022-02-20 18:00:06,991 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:06,991 INFO L93 Difference]: Finished difference Result 443 states and 673 transitions. [2022-02-20 18:00:06,991 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 673 transitions. [2022-02-20 18:00:06,993 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:06,993 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:06,994 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:06,994 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:06,995 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) [2022-02-20 18:00:07,008 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 372 states to 372 states and 562 transitions. [2022-02-20 18:00:07,008 INFO L78 Accepts]: Start accepts. Automaton has 372 states and 562 transitions. Word has length 115 [2022-02-20 18:00:07,009 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:07,009 INFO L470 AbstractCegarLoop]: Abstraction has 372 states and 562 transitions. [2022-02-20 18:00:07,009 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 10.428571428571429) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 5 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:00:07,009 INFO L276 IsEmpty]: Start isEmpty. Operand 372 states and 562 transitions. [2022-02-20 18:00:07,011 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 117 [2022-02-20 18:00:07,011 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:07,011 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:07,012 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:00:07,012 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:07,013 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:07,013 INFO L85 PathProgramCache]: Analyzing trace with hash -1415974892, now seen corresponding path program 1 times [2022-02-20 18:00:07,013 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:07,013 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1505623421] [2022-02-20 18:00:07,013 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:07,013 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:07,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:07,093 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,095 INFO L290 TraceCheckUtils]: 0: Hoare triple {17831#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,095 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,095 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,096 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17770#true} {17770#true} #958#return; {17770#true} is VALID [2022-02-20 18:00:07,101 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:07,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,105 INFO L290 TraceCheckUtils]: 0: Hoare triple {17832#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,105 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,105 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,106 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17770#true} {17770#true} #960#return; {17770#true} is VALID [2022-02-20 18:00:07,106 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:07,107 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,109 INFO L290 TraceCheckUtils]: 0: Hoare triple {17831#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume !(1 == ~handle); {17770#true} is VALID [2022-02-20 18:00:07,110 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,110 INFO L290 TraceCheckUtils]: 3: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,110 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17770#true} {17770#true} #962#return; {17770#true} is VALID [2022-02-20 18:00:07,110 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:07,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {17832#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,114 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume !(1 == ~handle); {17770#true} is VALID [2022-02-20 18:00:07,114 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,114 INFO L290 TraceCheckUtils]: 3: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,114 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17770#true} {17770#true} #964#return; {17770#true} is VALID [2022-02-20 18:00:07,114 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:07,116 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,140 INFO L290 TraceCheckUtils]: 0: Hoare triple {17831#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17833#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,140 INFO L290 TraceCheckUtils]: 1: Hoare triple {17833#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17833#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,141 INFO L290 TraceCheckUtils]: 2: Hoare triple {17833#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {17833#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,141 INFO L290 TraceCheckUtils]: 3: Hoare triple {17833#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17834#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,141 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {17834#(= 3 |setClientId_#in~handle|)} assume true; {17834#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,142 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17834#(= 3 |setClientId_#in~handle|)} {17790#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #966#return; {17797#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:07,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:07,145 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,161 INFO L290 TraceCheckUtils]: 0: Hoare triple {17832#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17835#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:07,161 INFO L290 TraceCheckUtils]: 1: Hoare triple {17835#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17836#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:07,162 INFO L290 TraceCheckUtils]: 2: Hoare triple {17836#(= |setClientPrivateKey_#in~handle| 1)} assume true; {17836#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:07,162 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17836#(= |setClientPrivateKey_#in~handle| 1)} {17797#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #968#return; {17771#false} is VALID [2022-02-20 18:00:07,170 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:00:07,171 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,173 INFO L290 TraceCheckUtils]: 0: Hoare triple {17837#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,173 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,174 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,174 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17770#true} {17771#false} #946#return; {17771#false} is VALID [2022-02-20 18:00:07,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:00:07,180 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,184 INFO L290 TraceCheckUtils]: 0: Hoare triple {17770#true} ~handle := #in~handle;havoc ~retValue_acc~28; {17770#true} is VALID [2022-02-20 18:00:07,185 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {17770#true} is VALID [2022-02-20 18:00:07,185 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,185 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17770#true} {17771#false} #904#return; {17771#false} is VALID [2022-02-20 18:00:07,185 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:00:07,186 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {17770#true} ~handle := #in~handle;havoc ~retValue_acc~11; {17770#true} is VALID [2022-02-20 18:00:07,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {17770#true} is VALID [2022-02-20 18:00:07,188 INFO L290 TraceCheckUtils]: 2: 
Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,189 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17770#true} {17771#false} #906#return; {17771#false} is VALID [2022-02-20 18:00:07,189 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:00:07,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,192 INFO L290 TraceCheckUtils]: 0: Hoare triple {17770#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {17770#true} is VALID [2022-02-20 18:00:07,192 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume 1 == ~handle; {17770#true} is VALID [2022-02-20 18:00:07,192 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {17770#true} is VALID [2022-02-20 18:00:07,193 INFO L290 TraceCheckUtils]: 3: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,193 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17770#true} {17771#false} #908#return; {17771#false} is VALID [2022-02-20 18:00:07,193 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:00:07,194 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,196 INFO L290 TraceCheckUtils]: 0: Hoare triple {17837#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,196 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,196 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,196 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {17770#true} {17771#false} #914#return; {17771#false} is VALID [2022-02-20 18:00:07,197 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:00:07,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,199 INFO L290 TraceCheckUtils]: 0: Hoare triple {17770#true} ~handle := #in~handle;havoc ~retValue_acc~16; {17770#true} is VALID [2022-02-20 18:00:07,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {17770#true} is VALID [2022-02-20 18:00:07,199 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,199 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17770#true} {17771#false} #916#return; {17771#false} is VALID [2022-02-20 18:00:07,200 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:00:07,201 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:07,203 INFO L290 TraceCheckUtils]: 0: Hoare triple {17770#true} ~handle := #in~handle;havoc ~retValue_acc~28; {17770#true} is VALID [2022-02-20 18:00:07,203 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {17770#true} is VALID [2022-02-20 18:00:07,203 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,203 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17770#true} {17771#false} #918#return; {17771#false} is VALID [2022-02-20 18:00:07,204 INFO L290 TraceCheckUtils]: 0: Hoare triple {17770#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 
1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 
:= 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 
0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {17770#true} is VALID [2022-02-20 18:00:07,204 INFO L290 TraceCheckUtils]: 1: Hoare triple {17770#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {17770#true} is VALID [2022-02-20 18:00:07,204 INFO L290 TraceCheckUtils]: 2: Hoare triple {17770#true} assume { 
:end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17770#true} is VALID [2022-02-20 18:00:07,204 INFO L290 TraceCheckUtils]: 3: Hoare triple {17770#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {17770#true} is VALID [2022-02-20 18:00:07,204 INFO L290 TraceCheckUtils]: 4: Hoare triple {17770#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {17770#true} is VALID [2022-02-20 18:00:07,204 INFO L290 TraceCheckUtils]: 5: Hoare triple {17770#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {17770#true} is VALID [2022-02-20 18:00:07,205 INFO L272 TraceCheckUtils]: 6: Hoare triple {17770#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {17831#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:07,205 INFO L290 TraceCheckUtils]: 7: Hoare triple {17831#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,205 INFO L290 TraceCheckUtils]: 8: Hoare triple {17770#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,205 INFO L290 TraceCheckUtils]: 9: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,206 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17770#true} {17770#true} #958#return; {17770#true} is VALID [2022-02-20 18:00:07,206 INFO L290 TraceCheckUtils]: 11: Hoare triple {17770#true} assume { :end_inline_setup_bob__wrappee__Base } true; {17770#true} is VALID [2022-02-20 18:00:07,206 INFO L272 TraceCheckUtils]: 12: Hoare triple {17770#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {17832#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:07,206 INFO L290 TraceCheckUtils]: 13: Hoare triple {17832#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,207 INFO L290 TraceCheckUtils]: 14: Hoare triple {17770#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17770#true} is VALID 
[2022-02-20 18:00:07,207 INFO L290 TraceCheckUtils]: 15: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,207 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17770#true} {17770#true} #960#return; {17770#true} is VALID [2022-02-20 18:00:07,207 INFO L290 TraceCheckUtils]: 17: Hoare triple {17770#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {17770#true} is VALID [2022-02-20 18:00:07,208 INFO L272 TraceCheckUtils]: 18: Hoare triple {17770#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {17831#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:07,208 INFO L290 TraceCheckUtils]: 19: Hoare triple {17831#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,208 INFO L290 TraceCheckUtils]: 20: Hoare triple {17770#true} assume !(1 == ~handle); {17770#true} is VALID [2022-02-20 18:00:07,208 INFO L290 TraceCheckUtils]: 21: Hoare triple {17770#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,208 INFO L290 TraceCheckUtils]: 22: Hoare triple {17770#true} 
assume true; {17770#true} is VALID [2022-02-20 18:00:07,208 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {17770#true} {17770#true} #962#return; {17770#true} is VALID [2022-02-20 18:00:07,208 INFO L290 TraceCheckUtils]: 24: Hoare triple {17770#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {17770#true} is VALID [2022-02-20 18:00:07,209 INFO L272 TraceCheckUtils]: 25: Hoare triple {17770#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {17832#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:07,209 INFO L290 TraceCheckUtils]: 26: Hoare triple {17832#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,209 INFO L290 TraceCheckUtils]: 27: Hoare triple {17770#true} assume !(1 == ~handle); {17770#true} is VALID [2022-02-20 18:00:07,209 INFO L290 TraceCheckUtils]: 28: Hoare triple {17770#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,210 INFO L290 TraceCheckUtils]: 29: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,210 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {17770#true} {17770#true} #964#return; {17770#true} is VALID [2022-02-20 18:00:07,210 INFO L290 TraceCheckUtils]: 31: Hoare triple {17770#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { 
:begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {17790#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:07,211 INFO L272 TraceCheckUtils]: 32: Hoare triple {17790#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {17831#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:07,211 INFO L290 TraceCheckUtils]: 33: Hoare triple {17831#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17833#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,212 INFO L290 TraceCheckUtils]: 34: Hoare triple {17833#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17833#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,212 INFO L290 TraceCheckUtils]: 35: Hoare triple {17833#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {17833#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,212 INFO L290 TraceCheckUtils]: 36: Hoare triple {17833#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17834#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,213 INFO L290 TraceCheckUtils]: 37: Hoare triple 
{17834#(= 3 |setClientId_#in~handle|)} assume true; {17834#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:07,213 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {17834#(= 3 |setClientId_#in~handle|)} {17790#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #966#return; {17797#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:07,213 INFO L290 TraceCheckUtils]: 39: Hoare triple {17797#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {17797#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:07,214 INFO L272 TraceCheckUtils]: 40: Hoare triple {17797#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {17832#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:07,214 INFO L290 TraceCheckUtils]: 41: Hoare triple {17832#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17835#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:07,215 INFO L290 TraceCheckUtils]: 42: Hoare triple {17835#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17836#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:07,215 INFO L290 TraceCheckUtils]: 43: Hoare triple {17836#(= |setClientPrivateKey_#in~handle| 1)} assume true; {17836#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:07,216 INFO L284 TraceCheckUtils]: 44: Hoare 
quadruple {17836#(= |setClientPrivateKey_#in~handle| 1)} {17797#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #968#return; {17771#false} is VALID [2022-02-20 18:00:07,216 INFO L290 TraceCheckUtils]: 45: Hoare triple {17771#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {17771#false} is VALID [2022-02-20 18:00:07,216 INFO L290 TraceCheckUtils]: 46: Hoare triple {17771#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17771#false} is VALID [2022-02-20 18:00:07,216 INFO L290 
TraceCheckUtils]: 47: Hoare triple {17771#false} assume !false; {17771#false} is VALID [2022-02-20 18:00:07,216 INFO L290 TraceCheckUtils]: 48: Hoare triple {17771#false} assume test_~splverifierCounter~0#1 < 4; {17771#false} is VALID [2022-02-20 18:00:07,216 INFO L290 TraceCheckUtils]: 49: Hoare triple {17771#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17771#false} is VALID [2022-02-20 18:00:07,216 INFO L290 TraceCheckUtils]: 50: Hoare triple {17771#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {17771#false} is VALID [2022-02-20 18:00:07,217 INFO L290 TraceCheckUtils]: 51: Hoare triple {17771#false} assume !(0 != test_~tmp___9~0#1); {17771#false} is VALID [2022-02-20 18:00:07,217 INFO L290 TraceCheckUtils]: 52: Hoare triple {17771#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {17771#false} is VALID [2022-02-20 18:00:07,217 INFO L290 TraceCheckUtils]: 53: Hoare triple {17771#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {17771#false} is VALID [2022-02-20 18:00:07,217 INFO L290 TraceCheckUtils]: 54: Hoare triple {17771#false} assume !false; {17771#false} is VALID [2022-02-20 18:00:07,217 INFO L290 TraceCheckUtils]: 55: Hoare triple {17771#false} assume !(test_~splverifierCounter~0#1 < 4); {17771#false} is VALID [2022-02-20 18:00:07,217 INFO L290 TraceCheckUtils]: 56: Hoare triple {17771#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 
2147483647;havoc bobToRjh_#t~ret59#1; {17771#false} is VALID [2022-02-20 18:00:07,217 INFO L272 TraceCheckUtils]: 57: Hoare triple {17771#false} call sendEmail(~bob~0, ~rjh~0); {17771#false} is VALID [2022-02-20 18:00:07,217 INFO L290 TraceCheckUtils]: 58: Hoare triple {17771#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17771#false} is VALID [2022-02-20 18:00:07,218 INFO L272 TraceCheckUtils]: 59: Hoare triple {17771#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17837#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:07,218 INFO L290 TraceCheckUtils]: 60: Hoare triple {17837#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,218 INFO L290 TraceCheckUtils]: 61: Hoare triple {17770#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,218 INFO L290 TraceCheckUtils]: 62: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,218 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {17770#true} {17771#false} #946#return; {17771#false} is VALID [2022-02-20 18:00:07,218 INFO L290 TraceCheckUtils]: 64: Hoare triple {17771#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, 
setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {17771#false} is VALID [2022-02-20 18:00:07,218 INFO L290 TraceCheckUtils]: 65: Hoare triple {17771#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {17771#false} is VALID [2022-02-20 18:00:07,218 INFO L290 TraceCheckUtils]: 66: Hoare triple {17771#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {17771#false} is VALID [2022-02-20 18:00:07,219 INFO L290 TraceCheckUtils]: 67: Hoare triple {17771#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {17771#false} is VALID [2022-02-20 18:00:07,219 INFO L272 TraceCheckUtils]: 68: Hoare triple {17771#false} call outgoing(~sender#1, ~email~0#1); {17771#false} is VALID [2022-02-20 18:00:07,219 INFO L290 TraceCheckUtils]: 69: Hoare triple {17771#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {17771#false} is VALID [2022-02-20 18:00:07,219 INFO L272 TraceCheckUtils]: 70: Hoare triple {17771#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {17770#true} is VALID [2022-02-20 18:00:07,219 INFO L290 TraceCheckUtils]: 71: Hoare triple {17770#true} ~handle := #in~handle;havoc ~retValue_acc~28; {17770#true} is VALID [2022-02-20 18:00:07,219 INFO L290 TraceCheckUtils]: 72: Hoare triple {17770#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {17770#true} is VALID [2022-02-20 
18:00:07,219 INFO L290 TraceCheckUtils]: 73: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,219 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {17770#true} {17771#false} #904#return; {17771#false} is VALID [2022-02-20 18:00:07,220 INFO L290 TraceCheckUtils]: 75: Hoare triple {17771#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {17771#false} is VALID [2022-02-20 18:00:07,220 INFO L290 TraceCheckUtils]: 76: Hoare triple {17771#false} assume 0 == sign_~privkey~1#1; {17771#false} is VALID [2022-02-20 18:00:07,220 INFO L290 TraceCheckUtils]: 77: Hoare triple {17771#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {17771#false} is VALID [2022-02-20 18:00:07,220 INFO L272 TraceCheckUtils]: 78: Hoare triple {17771#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {17770#true} is VALID [2022-02-20 18:00:07,220 INFO L290 TraceCheckUtils]: 79: Hoare triple {17770#true} ~handle := #in~handle;havoc ~retValue_acc~11; {17770#true} is VALID [2022-02-20 18:00:07,220 INFO L290 TraceCheckUtils]: 80: 
Hoare triple {17770#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {17770#true} is VALID [2022-02-20 18:00:07,220 INFO L290 TraceCheckUtils]: 81: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,221 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {17770#true} {17771#false} #906#return; {17771#false} is VALID [2022-02-20 18:00:07,221 INFO L290 TraceCheckUtils]: 83: Hoare triple {17771#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {17771#false} is VALID [2022-02-20 18:00:07,221 INFO L272 TraceCheckUtils]: 84: Hoare triple {17771#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {17770#true} is VALID [2022-02-20 18:00:07,221 INFO L290 TraceCheckUtils]: 85: Hoare triple {17770#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {17770#true} is VALID [2022-02-20 18:00:07,221 INFO L290 TraceCheckUtils]: 86: Hoare triple {17770#true} assume 1 == ~handle; {17770#true} is VALID [2022-02-20 18:00:07,221 INFO L290 TraceCheckUtils]: 87: Hoare triple {17770#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {17770#true} is VALID [2022-02-20 18:00:07,221 INFO L290 TraceCheckUtils]: 88: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,221 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {17770#true} {17771#false} #908#return; {17771#false} is VALID [2022-02-20 18:00:07,222 INFO L290 TraceCheckUtils]: 90: Hoare triple {17771#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && 
outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {17771#false} is VALID [2022-02-20 18:00:07,222 INFO L290 TraceCheckUtils]: 91: Hoare triple {17771#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {17771#false} is VALID [2022-02-20 18:00:07,222 INFO L290 TraceCheckUtils]: 92: Hoare triple {17771#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {17771#false} is VALID [2022-02-20 18:00:07,222 INFO L290 TraceCheckUtils]: 93: Hoare triple {17771#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {17771#false} is VALID [2022-02-20 18:00:07,222 INFO L290 TraceCheckUtils]: 94: Hoare triple {17771#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc 
outgoing__wrappee__Keys_#t~ret7#1; {17771#false} is VALID [2022-02-20 18:00:07,222 INFO L272 TraceCheckUtils]: 95: Hoare triple {17771#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {17837#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:07,222 INFO L290 TraceCheckUtils]: 96: Hoare triple {17837#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17770#true} is VALID [2022-02-20 18:00:07,223 INFO L290 TraceCheckUtils]: 97: Hoare triple {17770#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17770#true} is VALID [2022-02-20 18:00:07,223 INFO L290 TraceCheckUtils]: 98: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,223 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {17770#true} {17771#false} #914#return; {17771#false} is VALID [2022-02-20 18:00:07,223 INFO L290 TraceCheckUtils]: 100: Hoare triple {17771#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, 
__utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {17771#false} is VALID [2022-02-20 18:00:07,223 INFO L272 TraceCheckUtils]: 101: Hoare triple {17771#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {17770#true} is VALID [2022-02-20 18:00:07,223 INFO L290 TraceCheckUtils]: 102: Hoare triple {17770#true} ~handle := #in~handle;havoc ~retValue_acc~16; {17770#true} is VALID [2022-02-20 18:00:07,223 INFO L290 TraceCheckUtils]: 103: Hoare triple {17770#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {17770#true} is VALID [2022-02-20 18:00:07,224 INFO L290 TraceCheckUtils]: 104: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,224 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {17770#true} {17771#false} #916#return; {17771#false} is VALID [2022-02-20 18:00:07,224 INFO L290 TraceCheckUtils]: 106: Hoare triple {17771#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {17771#false} is VALID [2022-02-20 18:00:07,224 INFO L290 TraceCheckUtils]: 107: Hoare triple {17771#false} assume 0 != 
__utac_acc__SignForward_spec__1_~tmp___0~9#1; {17771#false} is VALID [2022-02-20 18:00:07,224 INFO L272 TraceCheckUtils]: 108: Hoare triple {17771#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {17770#true} is VALID [2022-02-20 18:00:07,224 INFO L290 TraceCheckUtils]: 109: Hoare triple {17770#true} ~handle := #in~handle;havoc ~retValue_acc~28; {17770#true} is VALID [2022-02-20 18:00:07,224 INFO L290 TraceCheckUtils]: 110: Hoare triple {17770#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {17770#true} is VALID [2022-02-20 18:00:07,224 INFO L290 TraceCheckUtils]: 111: Hoare triple {17770#true} assume true; {17770#true} is VALID [2022-02-20 18:00:07,225 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {17770#true} {17771#false} #918#return; {17771#false} is VALID [2022-02-20 18:00:07,225 INFO L290 TraceCheckUtils]: 113: Hoare triple {17771#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {17771#false} is VALID [2022-02-20 18:00:07,225 INFO L290 TraceCheckUtils]: 114: Hoare triple {17771#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {17771#false} is VALID [2022-02-20 18:00:07,225 INFO L290 TraceCheckUtils]: 115: Hoare triple {17771#false} assume !false; {17771#false} is VALID [2022-02-20 18:00:07,225 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:00:07,226 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:07,226 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1505623421] [2022-02-20 18:00:07,226 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1505623421] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:07,226 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:07,226 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 18:00:07,226 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [850801460] [2022-02-20 18:00:07,226 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:07,227 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 116 [2022-02-20 18:00:07,227 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:07,228 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:07,304 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:07,305 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:00:07,305 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:07,305 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 18:00:07,305 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:00:07,306 INFO L87 Difference]: Start difference. First operand 372 states and 562 transitions. Second operand has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:14,014 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:14,015 INFO L93 Difference]: Finished difference Result 788 states and 1197 transitions. [2022-02-20 18:00:14,015 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:00:14,015 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 116 [2022-02-20 18:00:14,016 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:14,016 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:14,025 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1031 transitions. [2022-02-20 18:00:14,026 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:14,035 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1031 transitions. [2022-02-20 18:00:14,036 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 1031 transitions. [2022-02-20 18:00:14,891 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1031 edges. 1031 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:14,903 INFO L225 Difference]: With dead ends: 788 [2022-02-20 18:00:14,903 INFO L226 Difference]: Without dead ends: 443 [2022-02-20 18:00:14,904 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 48 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:00:14,904 INFO L933 BasicCegarLoop]: 499 mSDtfsCounter, 973 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2894 mSolverCounterSat, 318 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 973 SdHoareTripleChecker+Valid, 1451 SdHoareTripleChecker+Invalid, 3212 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 318 IncrementalHoareTripleChecker+Valid, 2894 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:14,905 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [973 Valid, 1451 Invalid, 3212 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [318 Valid, 2894 Invalid, 0 Unknown, 0 Unchecked, 3.1s Time] [2022-02-20 18:00:14,906 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 443 states. [2022-02-20 18:00:14,992 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 443 to 372. [2022-02-20 18:00:14,993 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:15,001 INFO L82 GeneralOperation]: Start isEquivalent. First operand 443 states. 
Second operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:00:15,004 INFO L74 IsIncluded]: Start isIncluded. First operand 443 states. Second operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:00:15,006 INFO L87 Difference]: Start difference. First operand 443 states. Second operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:00:15,021 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:15,021 INFO L93 Difference]: Finished difference Result 443 states and 672 transitions. [2022-02-20 18:00:15,022 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 672 transitions. [2022-02-20 18:00:15,023 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:15,024 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:15,025 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) Second operand 443 states. [2022-02-20 18:00:15,025 INFO L87 Difference]: Start difference. First operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) Second operand 443 states. [2022-02-20 18:00:15,041 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:15,041 INFO L93 Difference]: Finished difference Result 443 states and 672 transitions. [2022-02-20 18:00:15,041 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 672 transitions. [2022-02-20 18:00:15,043 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:15,044 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:15,044 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:15,044 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:15,045 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 372 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 291 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:00:15,058 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 372 states to 372 states and 561 transitions. [2022-02-20 18:00:15,058 INFO L78 Accepts]: Start accepts. Automaton has 372 states and 561 transitions. Word has length 116 [2022-02-20 18:00:15,058 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:15,059 INFO L470 AbstractCegarLoop]: Abstraction has 372 states and 561 transitions. [2022-02-20 18:00:15,059 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:15,059 INFO L276 IsEmpty]: Start isEmpty. Operand 372 states and 561 transitions. [2022-02-20 18:00:15,061 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 118 [2022-02-20 18:00:15,061 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:15,061 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:15,061 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:00:15,061 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:15,062 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:15,062 INFO L85 PathProgramCache]: Analyzing trace with hash 1004440397, now seen corresponding path program 2 times [2022-02-20 18:00:15,062 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:15,062 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1074541218] [2022-02-20 18:00:15,062 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:15,063 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:15,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,125 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:15,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,130 INFO L290 TraceCheckUtils]: 0: Hoare triple {20440#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,130 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,130 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,130 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20378#true} {20378#true} #958#return; {20378#true} is VALID [2022-02-20 18:00:15,136 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:15,138 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,142 INFO L290 TraceCheckUtils]: 0: Hoare triple {20441#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,142 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,142 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,142 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20378#true} {20378#true} #960#return; {20378#true} is VALID [2022-02-20 18:00:15,143 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:15,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {20440#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,146 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume !(1 == ~handle); {20378#true} is VALID [2022-02-20 18:00:15,146 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,146 INFO L290 TraceCheckUtils]: 3: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,147 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20378#true} {20378#true} #962#return; {20378#true} is VALID [2022-02-20 18:00:15,147 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:15,148 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,150 INFO L290 TraceCheckUtils]: 0: Hoare triple {20441#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume !(1 == ~handle); {20378#true} is VALID [2022-02-20 18:00:15,150 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,150 INFO L290 TraceCheckUtils]: 3: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,150 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20378#true} {20378#true} #964#return; {20378#true} is VALID [2022-02-20 18:00:15,151 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:15,153 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,167 INFO L290 TraceCheckUtils]: 0: Hoare triple {20440#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20442#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {20442#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20442#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {20442#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {20442#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,169 INFO L290 TraceCheckUtils]: 3: Hoare triple {20442#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {20443#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,169 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {20443#(= 3 |setClientId_#in~handle|)} assume true; {20443#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,169 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20443#(= 3 |setClientId_#in~handle|)} {20398#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #966#return; {20405#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:15,170 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:15,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {20441#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20444#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:15,189 INFO L290 TraceCheckUtils]: 1: Hoare triple {20444#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {20444#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:15,189 INFO L290 TraceCheckUtils]: 2: Hoare triple {20444#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20445#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:15,190 INFO L290 TraceCheckUtils]: 3: Hoare triple {20445#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {20445#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:15,190 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20445#(= 2 |setClientPrivateKey_#in~handle|)} {20405#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #968#return; {20379#false} is VALID [2022-02-20 18:00:15,199 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:00:15,200 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,202 INFO L290 TraceCheckUtils]: 0: Hoare triple {20446#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,202 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,202 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,203 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20378#true} {20379#false} #946#return; {20379#false} is VALID [2022-02-20 18:00:15,203 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:00:15,204 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,206 INFO L290 TraceCheckUtils]: 0: Hoare triple {20378#true} ~handle := #in~handle;havoc ~retValue_acc~28; {20378#true} is VALID [2022-02-20 18:00:15,206 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {20378#true} is VALID [2022-02-20 18:00:15,206 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,206 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20378#true} {20379#false} #904#return; {20379#false} is VALID [2022-02-20 18:00:15,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:00:15,207 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,209 INFO L290 TraceCheckUtils]: 0: Hoare triple {20378#true} ~handle := #in~handle;havoc ~retValue_acc~11; {20378#true} is VALID 
[2022-02-20 18:00:15,209 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {20378#true} is VALID [2022-02-20 18:00:15,210 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,210 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20378#true} {20379#false} #906#return; {20379#false} is VALID [2022-02-20 18:00:15,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:00:15,211 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,213 INFO L290 TraceCheckUtils]: 0: Hoare triple {20378#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {20378#true} is VALID [2022-02-20 18:00:15,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume 1 == ~handle; {20378#true} is VALID [2022-02-20 18:00:15,213 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {20378#true} is VALID [2022-02-20 18:00:15,213 INFO L290 TraceCheckUtils]: 3: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,213 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20378#true} {20379#false} #908#return; {20379#false} is VALID [2022-02-20 18:00:15,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:00:15,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,219 INFO L290 TraceCheckUtils]: 0: Hoare triple {20446#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,219 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,219 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,219 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20378#true} {20379#false} #914#return; {20379#false} is VALID [2022-02-20 18:00:15,220 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:00:15,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,223 INFO L290 TraceCheckUtils]: 0: Hoare triple {20378#true} ~handle := #in~handle;havoc ~retValue_acc~16; {20378#true} is VALID [2022-02-20 18:00:15,223 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {20378#true} is VALID [2022-02-20 18:00:15,223 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,223 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20378#true} {20379#false} #916#return; {20379#false} is VALID [2022-02-20 18:00:15,223 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:00:15,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {20378#true} ~handle := #in~handle;havoc ~retValue_acc~28; {20378#true} is VALID [2022-02-20 18:00:15,234 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {20378#true} is VALID [2022-02-20 18:00:15,234 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,234 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20378#true} {20379#false} #918#return; {20379#false} is VALID [2022-02-20 18:00:15,234 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {20378#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 
0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {20378#true} is VALID [2022-02-20 18:00:15,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {20378#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 
2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {20378#true} is VALID [2022-02-20 18:00:15,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {20378#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {20378#true} is VALID [2022-02-20 18:00:15,235 INFO L290 TraceCheckUtils]: 3: Hoare triple {20378#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {20378#true} is VALID [2022-02-20 18:00:15,235 INFO L290 TraceCheckUtils]: 4: Hoare triple {20378#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {20378#true} is VALID [2022-02-20 18:00:15,235 INFO L290 TraceCheckUtils]: 5: Hoare triple {20378#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {20378#true} is VALID [2022-02-20 18:00:15,236 INFO L272 TraceCheckUtils]: 6: Hoare triple {20378#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {20440#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:15,236 INFO L290 TraceCheckUtils]: 7: Hoare triple {20440#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,236 INFO L290 TraceCheckUtils]: 8: Hoare triple {20378#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,237 INFO L290 TraceCheckUtils]: 9: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,237 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {20378#true} {20378#true} #958#return; {20378#true} is VALID [2022-02-20 18:00:15,237 INFO L290 TraceCheckUtils]: 11: Hoare triple {20378#true} assume { :end_inline_setup_bob__wrappee__Base } true; {20378#true} is VALID [2022-02-20 18:00:15,238 INFO L272 TraceCheckUtils]: 12: Hoare triple {20378#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {20441#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:15,238 INFO L290 TraceCheckUtils]: 13: Hoare triple {20441#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,238 INFO L290 TraceCheckUtils]: 14: Hoare triple {20378#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,238 INFO L290 TraceCheckUtils]: 15: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,238 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {20378#true} {20378#true} #960#return; {20378#true} is VALID [2022-02-20 18:00:15,238 INFO L290 TraceCheckUtils]: 17: Hoare triple {20378#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {20378#true} is VALID [2022-02-20 18:00:15,239 INFO L272 TraceCheckUtils]: 18: Hoare triple {20378#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {20440#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:15,239 INFO L290 TraceCheckUtils]: 19: Hoare triple {20440#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,239 INFO L290 
TraceCheckUtils]: 20: Hoare triple {20378#true} assume !(1 == ~handle); {20378#true} is VALID [2022-02-20 18:00:15,239 INFO L290 TraceCheckUtils]: 21: Hoare triple {20378#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,239 INFO L290 TraceCheckUtils]: 22: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,240 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {20378#true} {20378#true} #962#return; {20378#true} is VALID [2022-02-20 18:00:15,240 INFO L290 TraceCheckUtils]: 24: Hoare triple {20378#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {20378#true} is VALID [2022-02-20 18:00:15,240 INFO L272 TraceCheckUtils]: 25: Hoare triple {20378#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {20441#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:15,241 INFO L290 TraceCheckUtils]: 26: Hoare triple {20441#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,241 INFO L290 TraceCheckUtils]: 27: Hoare triple {20378#true} assume !(1 == ~handle); {20378#true} is VALID [2022-02-20 18:00:15,241 INFO L290 TraceCheckUtils]: 28: Hoare triple {20378#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,241 INFO L290 TraceCheckUtils]: 29: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,241 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {20378#true} {20378#true} #964#return; {20378#true} is VALID [2022-02-20 18:00:15,242 INFO L290 TraceCheckUtils]: 31: Hoare triple 
{20378#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {20398#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:15,242 INFO L272 TraceCheckUtils]: 32: Hoare triple {20398#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {20440#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:15,243 INFO L290 TraceCheckUtils]: 33: Hoare triple {20440#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20442#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,243 INFO L290 TraceCheckUtils]: 34: Hoare triple {20442#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20442#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,243 INFO L290 TraceCheckUtils]: 35: Hoare triple {20442#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {20442#(= setClientId_~handle 
|setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,244 INFO L290 TraceCheckUtils]: 36: Hoare triple {20442#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {20443#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,244 INFO L290 TraceCheckUtils]: 37: Hoare triple {20443#(= 3 |setClientId_#in~handle|)} assume true; {20443#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,245 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {20443#(= 3 |setClientId_#in~handle|)} {20398#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #966#return; {20405#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:15,245 INFO L290 TraceCheckUtils]: 39: Hoare triple {20405#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {20405#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:15,246 INFO L272 TraceCheckUtils]: 40: Hoare triple {20405#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {20441#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:15,246 INFO L290 TraceCheckUtils]: 41: Hoare triple {20441#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20444#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:15,246 INFO L290 TraceCheckUtils]: 42: Hoare triple {20444#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); 
{20444#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:15,247 INFO L290 TraceCheckUtils]: 43: Hoare triple {20444#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20445#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:15,247 INFO L290 TraceCheckUtils]: 44: Hoare triple {20445#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {20445#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:15,248 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {20445#(= 2 |setClientPrivateKey_#in~handle|)} {20405#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #968#return; {20379#false} is VALID [2022-02-20 18:00:15,248 INFO L290 TraceCheckUtils]: 46: Hoare triple {20379#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {20379#false} is VALID [2022-02-20 18:00:15,249 INFO L290 TraceCheckUtils]: 47: Hoare triple {20379#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {20379#false} is VALID [2022-02-20 18:00:15,249 INFO L290 TraceCheckUtils]: 48: Hoare triple {20379#false} assume !false; {20379#false} is VALID [2022-02-20 18:00:15,249 INFO L290 TraceCheckUtils]: 49: Hoare triple {20379#false} assume test_~splverifierCounter~0#1 < 4; {20379#false} is VALID [2022-02-20 18:00:15,249 INFO L290 TraceCheckUtils]: 50: Hoare triple {20379#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {20379#false} is VALID [2022-02-20 18:00:15,249 INFO L290 TraceCheckUtils]: 51: Hoare triple {20379#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {20379#false} is VALID [2022-02-20 18:00:15,249 INFO L290 TraceCheckUtils]: 52: Hoare triple {20379#false} assume !(0 != test_~tmp___9~0#1); {20379#false} is VALID [2022-02-20 18:00:15,249 INFO L290 TraceCheckUtils]: 53: Hoare triple {20379#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {20379#false} is VALID [2022-02-20 18:00:15,250 INFO L290 TraceCheckUtils]: 54: Hoare triple {20379#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {20379#false} is VALID [2022-02-20 18:00:15,250 INFO L290 TraceCheckUtils]: 55: Hoare triple {20379#false} assume !false; {20379#false} is VALID [2022-02-20 18:00:15,250 
INFO L290 TraceCheckUtils]: 56: Hoare triple {20379#false} assume !(test_~splverifierCounter~0#1 < 4); {20379#false} is VALID [2022-02-20 18:00:15,250 INFO L290 TraceCheckUtils]: 57: Hoare triple {20379#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {20379#false} is VALID [2022-02-20 18:00:15,250 INFO L272 TraceCheckUtils]: 58: Hoare triple {20379#false} call sendEmail(~bob~0, ~rjh~0); {20379#false} is VALID [2022-02-20 18:00:15,250 INFO L290 TraceCheckUtils]: 59: Hoare triple {20379#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {20379#false} is VALID [2022-02-20 18:00:15,250 INFO L272 TraceCheckUtils]: 60: Hoare triple {20379#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {20446#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:15,251 INFO L290 TraceCheckUtils]: 61: Hoare triple {20446#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,251 INFO L290 TraceCheckUtils]: 62: Hoare triple 
{20378#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,251 INFO L290 TraceCheckUtils]: 63: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,251 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {20378#true} {20379#false} #946#return; {20379#false} is VALID [2022-02-20 18:00:15,251 INFO L290 TraceCheckUtils]: 65: Hoare triple {20379#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {20379#false} is VALID [2022-02-20 18:00:15,251 INFO L290 TraceCheckUtils]: 66: Hoare triple {20379#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {20379#false} is VALID [2022-02-20 18:00:15,251 INFO L290 TraceCheckUtils]: 67: Hoare triple {20379#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {20379#false} is VALID [2022-02-20 18:00:15,252 INFO L290 TraceCheckUtils]: 68: Hoare triple {20379#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {20379#false} is VALID [2022-02-20 18:00:15,252 INFO L272 TraceCheckUtils]: 69: Hoare triple {20379#false} call outgoing(~sender#1, ~email~0#1); {20379#false} is VALID [2022-02-20 18:00:15,252 INFO L290 TraceCheckUtils]: 70: Hoare triple {20379#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc 
sign_~privkey~1#1;havoc sign_~tmp~6#1; {20379#false} is VALID [2022-02-20 18:00:15,252 INFO L272 TraceCheckUtils]: 71: Hoare triple {20379#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {20378#true} is VALID [2022-02-20 18:00:15,252 INFO L290 TraceCheckUtils]: 72: Hoare triple {20378#true} ~handle := #in~handle;havoc ~retValue_acc~28; {20378#true} is VALID [2022-02-20 18:00:15,252 INFO L290 TraceCheckUtils]: 73: Hoare triple {20378#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {20378#true} is VALID [2022-02-20 18:00:15,252 INFO L290 TraceCheckUtils]: 74: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,253 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {20378#true} {20379#false} #904#return; {20379#false} is VALID [2022-02-20 18:00:15,253 INFO L290 TraceCheckUtils]: 76: Hoare triple {20379#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {20379#false} is VALID [2022-02-20 18:00:15,253 INFO L290 TraceCheckUtils]: 77: Hoare triple {20379#false} assume 0 == sign_~privkey~1#1; {20379#false} is VALID [2022-02-20 18:00:15,253 INFO L290 TraceCheckUtils]: 78: Hoare triple {20379#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc 
outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {20379#false} is VALID [2022-02-20 18:00:15,253 INFO L272 TraceCheckUtils]: 79: Hoare triple {20379#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {20378#true} is VALID [2022-02-20 18:00:15,253 INFO L290 TraceCheckUtils]: 80: Hoare triple {20378#true} ~handle := #in~handle;havoc ~retValue_acc~11; {20378#true} is VALID [2022-02-20 18:00:15,253 INFO L290 TraceCheckUtils]: 81: Hoare triple {20378#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {20378#true} is VALID [2022-02-20 18:00:15,253 INFO L290 TraceCheckUtils]: 82: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,254 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {20378#true} {20379#false} #906#return; {20379#false} is VALID [2022-02-20 18:00:15,254 INFO L290 TraceCheckUtils]: 84: Hoare triple {20379#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {20379#false} is VALID [2022-02-20 18:00:15,254 INFO L272 TraceCheckUtils]: 85: Hoare triple {20379#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {20378#true} is VALID [2022-02-20 18:00:15,254 INFO L290 TraceCheckUtils]: 86: Hoare triple {20378#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {20378#true} is VALID [2022-02-20 18:00:15,254 INFO L290 TraceCheckUtils]: 87: Hoare triple {20378#true} assume 1 == ~handle; {20378#true} is VALID [2022-02-20 18:00:15,254 INFO L290 
TraceCheckUtils]: 88: Hoare triple {20378#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {20378#true} is VALID [2022-02-20 18:00:15,255 INFO L290 TraceCheckUtils]: 89: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,255 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {20378#true} {20379#false} #908#return; {20379#false} is VALID [2022-02-20 18:00:15,255 INFO L290 TraceCheckUtils]: 91: Hoare triple {20379#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {20379#false} is VALID [2022-02-20 18:00:15,255 INFO L290 TraceCheckUtils]: 92: Hoare triple {20379#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {20379#false} is VALID [2022-02-20 18:00:15,255 INFO L290 TraceCheckUtils]: 93: Hoare triple {20379#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {20379#false} is VALID [2022-02-20 18:00:15,255 INFO L290 
TraceCheckUtils]: 94: Hoare triple {20379#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {20379#false} is VALID [2022-02-20 18:00:15,255 INFO L290 TraceCheckUtils]: 95: Hoare triple {20379#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {20379#false} is VALID [2022-02-20 18:00:15,256 INFO L272 TraceCheckUtils]: 96: Hoare triple {20379#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {20446#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:15,256 INFO L290 TraceCheckUtils]: 97: Hoare triple {20446#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20378#true} is VALID [2022-02-20 18:00:15,256 INFO L290 TraceCheckUtils]: 98: Hoare triple {20378#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20378#true} is VALID [2022-02-20 18:00:15,256 INFO L290 TraceCheckUtils]: 99: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,256 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {20378#true} {20379#false} #914#return; {20379#false} is VALID [2022-02-20 18:00:15,256 INFO L290 TraceCheckUtils]: 101: Hoare triple {20379#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := 
mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {20379#false} is VALID [2022-02-20 18:00:15,256 INFO L272 TraceCheckUtils]: 102: Hoare triple {20379#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {20378#true} is VALID [2022-02-20 18:00:15,256 INFO L290 TraceCheckUtils]: 103: Hoare triple {20378#true} ~handle := #in~handle;havoc ~retValue_acc~16; {20378#true} is VALID [2022-02-20 18:00:15,257 INFO L290 TraceCheckUtils]: 104: Hoare triple {20378#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {20378#true} is VALID [2022-02-20 18:00:15,257 INFO L290 TraceCheckUtils]: 105: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,257 INFO L284 
TraceCheckUtils]: 106: Hoare quadruple {20378#true} {20379#false} #916#return; {20379#false} is VALID [2022-02-20 18:00:15,257 INFO L290 TraceCheckUtils]: 107: Hoare triple {20379#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {20379#false} is VALID [2022-02-20 18:00:15,257 INFO L290 TraceCheckUtils]: 108: Hoare triple {20379#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {20379#false} is VALID [2022-02-20 18:00:15,257 INFO L272 TraceCheckUtils]: 109: Hoare triple {20379#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {20378#true} is VALID [2022-02-20 18:00:15,257 INFO L290 TraceCheckUtils]: 110: Hoare triple {20378#true} ~handle := #in~handle;havoc ~retValue_acc~28; {20378#true} is VALID [2022-02-20 18:00:15,258 INFO L290 TraceCheckUtils]: 111: Hoare triple {20378#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {20378#true} is VALID [2022-02-20 18:00:15,258 INFO L290 TraceCheckUtils]: 112: Hoare triple {20378#true} assume true; {20378#true} is VALID [2022-02-20 18:00:15,258 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {20378#true} {20379#false} #918#return; {20379#false} is VALID [2022-02-20 18:00:15,258 INFO L290 TraceCheckUtils]: 114: Hoare triple {20379#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {20379#false} is VALID [2022-02-20 18:00:15,258 INFO L290 TraceCheckUtils]: 115: Hoare triple {20379#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { 
:begin_inline___automaton_fail } true; {20379#false} is VALID [2022-02-20 18:00:15,258 INFO L290 TraceCheckUtils]: 116: Hoare triple {20379#false} assume !false; {20379#false} is VALID [2022-02-20 18:00:15,259 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:00:15,259 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:15,259 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1074541218] [2022-02-20 18:00:15,259 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1074541218] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:15,259 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:15,259 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 18:00:15,260 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [921657798] [2022-02-20 18:00:15,260 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:15,260 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 7.8) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 117 [2022-02-20 18:00:15,261 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:00:15,261 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 7.8) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:15,342 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:15,342 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:00:15,342 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:15,343 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 18:00:15,343 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:00:15,343 INFO L87 Difference]: Start difference. First operand 372 states and 561 transitions. Second operand has 11 states, 10 states have (on average 7.8) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:22,353 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:22,354 INFO L93 Difference]: Finished difference Result 790 states and 1203 transitions. [2022-02-20 18:00:22,354 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:00:22,354 INFO L78 Accepts]: Start accepts. 
Automaton has has 11 states, 10 states have (on average 7.8) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 117 [2022-02-20 18:00:22,354 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:22,354 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 7.8) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:22,364 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1032 transitions. [2022-02-20 18:00:22,364 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 7.8) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:22,372 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1032 transitions. [2022-02-20 18:00:22,373 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 1032 transitions. [2022-02-20 18:00:23,176 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1032 edges. 1032 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:23,187 INFO L225 Difference]: With dead ends: 790 [2022-02-20 18:00:23,187 INFO L226 Difference]: Without dead ends: 445 [2022-02-20 18:00:23,189 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 48 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:00:23,191 INFO L933 BasicCegarLoop]: 500 mSDtfsCounter, 969 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2918 mSolverCounterSat, 316 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 969 SdHoareTripleChecker+Valid, 1452 SdHoareTripleChecker+Invalid, 3234 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 316 IncrementalHoareTripleChecker+Valid, 2918 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:23,191 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [969 Valid, 1452 Invalid, 3234 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [316 Valid, 2918 Invalid, 0 Unknown, 0 Unchecked, 3.2s Time] [2022-02-20 18:00:23,192 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 445 states. [2022-02-20 18:00:23,293 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 445 to 374. [2022-02-20 18:00:23,293 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:23,294 INFO L82 GeneralOperation]: Start isEquivalent. First operand 445 states. 
Second operand has 374 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 293 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) [2022-02-20 18:00:23,295 INFO L74 IsIncluded]: Start isIncluded. First operand 445 states. Second operand has 374 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 293 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) [2022-02-20 18:00:23,295 INFO L87 Difference]: Start difference. First operand 445 states. Second operand has 374 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 293 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) [2022-02-20 18:00:23,311 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:23,311 INFO L93 Difference]: Finished difference Result 445 states and 678 transitions. [2022-02-20 18:00:23,311 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 678 transitions. [2022-02-20 18:00:23,313 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:23,313 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:23,314 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 374 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 293 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) Second operand 445 states. [2022-02-20 18:00:23,315 INFO L87 Difference]: Start difference. First operand has 374 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 293 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) Second operand 445 states. [2022-02-20 18:00:23,330 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:23,331 INFO L93 Difference]: Finished difference Result 445 states and 678 transitions. [2022-02-20 18:00:23,331 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 678 transitions. [2022-02-20 18:00:23,333 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:23,333 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:23,333 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:23,333 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:23,334 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 374 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 293 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) [2022-02-20 18:00:23,347 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 374 states to 374 states and 567 transitions. [2022-02-20 18:00:23,347 INFO L78 Accepts]: Start accepts. Automaton has 374 states and 567 transitions. Word has length 117 [2022-02-20 18:00:23,347 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:23,348 INFO L470 AbstractCegarLoop]: Abstraction has 374 states and 567 transitions. [2022-02-20 18:00:23,348 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 7.8) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 5 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:00:23,348 INFO L276 IsEmpty]: Start isEmpty. Operand 374 states and 567 transitions. [2022-02-20 18:00:23,351 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 119 [2022-02-20 18:00:23,351 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:23,351 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:23,351 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:00:23,351 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:23,352 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:23,352 INFO L85 PathProgramCache]: Analyzing trace with hash 945960143, now seen corresponding path program 1 times [2022-02-20 18:00:23,352 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:23,352 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [665012013] [2022-02-20 18:00:23,352 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:23,352 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:23,390 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,440 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:23,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,444 INFO L290 TraceCheckUtils]: 0: Hoare triple {23058#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,444 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,445 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,445 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22995#true} {22995#true} #958#return; {22995#true} is VALID [2022-02-20 18:00:23,451 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:23,452 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,455 INFO L290 TraceCheckUtils]: 0: Hoare triple {23059#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,455 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,455 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,455 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22995#true} {22995#true} #960#return; {22995#true} is VALID [2022-02-20 18:00:23,455 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:23,457 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,459 INFO L290 TraceCheckUtils]: 0: Hoare triple {23058#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,460 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,460 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,460 INFO L290 TraceCheckUtils]: 3: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,460 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22995#true} {22995#true} #962#return; {22995#true} is VALID [2022-02-20 18:00:23,460 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:23,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,464 INFO L290 TraceCheckUtils]: 0: Hoare triple {23059#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,464 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,464 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,464 INFO L290 TraceCheckUtils]: 3: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,465 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22995#true} {22995#true} #964#return; {22995#true} is VALID [2022-02-20 18:00:23,465 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:23,466 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,468 INFO L290 TraceCheckUtils]: 0: Hoare triple {23058#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,468 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,468 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume !(2 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,468 INFO L290 TraceCheckUtils]: 3: Hoare triple {22995#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,469 INFO L290 TraceCheckUtils]: 4: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,469 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22995#true} {22995#true} #966#return; {22995#true} is VALID [2022-02-20 18:00:23,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 40 [2022-02-20 18:00:23,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,473 INFO L290 TraceCheckUtils]: 0: Hoare triple {23059#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,473 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,473 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume !(2 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,473 INFO L290 TraceCheckUtils]: 3: Hoare triple {22995#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,473 INFO L290 TraceCheckUtils]: 4: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,473 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22995#true} {22995#true} #968#return; {22995#true} is VALID [2022-02-20 18:00:23,479 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:00:23,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,482 INFO L290 TraceCheckUtils]: 0: Hoare triple {23060#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,483 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,483 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,483 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22995#true} {22996#false} #946#return; {22996#false} is 
VALID [2022-02-20 18:00:23,483 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:00:23,484 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,487 INFO L290 TraceCheckUtils]: 0: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:23,487 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:23,487 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,487 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22995#true} {22996#false} #904#return; {22996#false} is VALID [2022-02-20 18:00:23,488 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:00:23,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~11; {22995#true} is VALID [2022-02-20 18:00:23,490 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {22995#true} is VALID [2022-02-20 18:00:23,490 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,490 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22995#true} {22996#false} #906#return; {22996#false} is VALID [2022-02-20 18:00:23,490 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:00:23,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,493 INFO L290 TraceCheckUtils]: 0: Hoare triple {22995#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {22995#true} is 
VALID [2022-02-20 18:00:23,493 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume 1 == ~handle; {22995#true} is VALID [2022-02-20 18:00:23,493 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {22995#true} is VALID [2022-02-20 18:00:23,493 INFO L290 TraceCheckUtils]: 3: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,493 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22995#true} {22996#false} #908#return; {22996#false} is VALID [2022-02-20 18:00:23,494 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:00:23,495 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,496 INFO L290 TraceCheckUtils]: 0: Hoare triple {23060#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,496 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,497 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,497 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22995#true} {22996#false} #914#return; {22996#false} is VALID [2022-02-20 18:00:23,497 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:00:23,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,504 INFO L290 TraceCheckUtils]: 0: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~16; {22995#true} is VALID [2022-02-20 18:00:23,504 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~16 := 
~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {22995#true} is VALID [2022-02-20 18:00:23,504 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,504 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22995#true} {22996#false} #916#return; {22996#false} is VALID [2022-02-20 18:00:23,504 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:00:23,505 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,507 INFO L290 TraceCheckUtils]: 0: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:23,507 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:23,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,508 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22995#true} {22996#false} #918#return; {22996#false} is VALID [2022-02-20 18:00:23,508 INFO L290 TraceCheckUtils]: 0: Hoare triple {22995#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 
14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 
0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 
0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {22995#true} is VALID [2022-02-20 18:00:23,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {22995#true} is VALID [2022-02-20 18:00:23,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22995#true} is VALID [2022-02-20 18:00:23,508 INFO L290 TraceCheckUtils]: 3: Hoare triple {22995#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {22995#true} is VALID [2022-02-20 18:00:23,508 INFO L290 TraceCheckUtils]: 4: 
Hoare triple {22995#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {22995#true} is VALID [2022-02-20 18:00:23,509 INFO L290 TraceCheckUtils]: 5: Hoare triple {22995#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22995#true} is VALID [2022-02-20 18:00:23,509 INFO L272 TraceCheckUtils]: 6: Hoare triple {22995#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {23058#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:23,509 INFO L290 TraceCheckUtils]: 7: Hoare triple {23058#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID 
[2022-02-20 18:00:23,510 INFO L290 TraceCheckUtils]: 8: Hoare triple {22995#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,510 INFO L290 TraceCheckUtils]: 9: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,510 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22995#true} {22995#true} #958#return; {22995#true} is VALID [2022-02-20 18:00:23,510 INFO L290 TraceCheckUtils]: 11: Hoare triple {22995#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22995#true} is VALID [2022-02-20 18:00:23,511 INFO L272 TraceCheckUtils]: 12: Hoare triple {22995#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {23059#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:23,511 INFO L290 TraceCheckUtils]: 13: Hoare triple {23059#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,511 INFO L290 TraceCheckUtils]: 14: Hoare triple {22995#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,511 INFO L290 TraceCheckUtils]: 15: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,511 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22995#true} {22995#true} #960#return; {22995#true} is VALID [2022-02-20 18:00:23,511 INFO L290 TraceCheckUtils]: 17: Hoare triple {22995#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22995#true} is VALID [2022-02-20 18:00:23,512 INFO L272 TraceCheckUtils]: 18: Hoare triple {22995#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {23058#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:23,512 INFO L290 TraceCheckUtils]: 19: Hoare triple {23058#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,512 INFO L290 TraceCheckUtils]: 20: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,513 INFO L290 TraceCheckUtils]: 21: Hoare triple {22995#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,513 INFO L290 TraceCheckUtils]: 22: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,513 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22995#true} {22995#true} #962#return; {22995#true} is VALID [2022-02-20 18:00:23,513 INFO L290 TraceCheckUtils]: 24: Hoare triple {22995#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22995#true} is VALID [2022-02-20 18:00:23,514 INFO L272 TraceCheckUtils]: 25: Hoare triple {22995#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {23059#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) 
(= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:23,514 INFO L290 TraceCheckUtils]: 26: Hoare triple {23059#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,514 INFO L290 TraceCheckUtils]: 27: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,514 INFO L290 TraceCheckUtils]: 28: Hoare triple {22995#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,514 INFO L290 TraceCheckUtils]: 29: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,514 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22995#true} {22995#true} #964#return; {22995#true} is VALID [2022-02-20 18:00:23,514 INFO L290 TraceCheckUtils]: 31: Hoare triple {22995#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22995#true} is VALID [2022-02-20 18:00:23,515 INFO L272 TraceCheckUtils]: 32: Hoare triple {22995#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {23058#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:23,515 INFO L290 TraceCheckUtils]: 33: Hoare triple {23058#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,515 INFO L290 TraceCheckUtils]: 34: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,516 INFO L290 TraceCheckUtils]: 35: Hoare triple {22995#true} assume !(2 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,516 INFO L290 TraceCheckUtils]: 36: Hoare triple {22995#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,516 INFO L290 TraceCheckUtils]: 37: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,516 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22995#true} {22995#true} #966#return; {22995#true} is VALID [2022-02-20 18:00:23,516 INFO L290 TraceCheckUtils]: 39: Hoare triple {22995#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22995#true} is VALID [2022-02-20 18:00:23,517 INFO L272 TraceCheckUtils]: 40: Hoare triple {22995#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {23059#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:23,517 INFO L290 TraceCheckUtils]: 41: Hoare triple {23059#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := 
#in~value; {22995#true} is VALID [2022-02-20 18:00:23,517 INFO L290 TraceCheckUtils]: 42: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,517 INFO L290 TraceCheckUtils]: 43: Hoare triple {22995#true} assume !(2 == ~handle); {22995#true} is VALID [2022-02-20 18:00:23,517 INFO L290 TraceCheckUtils]: 44: Hoare triple {22995#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,518 INFO L290 TraceCheckUtils]: 45: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,518 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22995#true} {22995#true} #968#return; {22995#true} is VALID [2022-02-20 18:00:23,518 INFO L290 TraceCheckUtils]: 47: Hoare triple {22995#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {22995#true} is VALID [2022-02-20 18:00:23,518 INFO L290 TraceCheckUtils]: 48: Hoare triple {22995#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23027#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:23,519 INFO L290 TraceCheckUtils]: 49: Hoare triple {23027#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {23027#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:23,519 INFO L290 TraceCheckUtils]: 50: Hoare triple {23027#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {23027#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:23,519 INFO L290 TraceCheckUtils]: 51: Hoare triple {23027#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:23,520 INFO L290 TraceCheckUtils]: 52: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:23,520 INFO L290 TraceCheckUtils]: 53: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:23,520 INFO L290 TraceCheckUtils]: 54: Hoare triple {23028#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:23,521 INFO L290 TraceCheckUtils]: 55: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:23,521 INFO L290 TraceCheckUtils]: 56: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:23,521 INFO L290 TraceCheckUtils]: 57: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {22996#false} is VALID [2022-02-20 18:00:23,522 INFO L290 TraceCheckUtils]: 58: Hoare triple {22996#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {22996#false} is VALID [2022-02-20 18:00:23,522 INFO L272 TraceCheckUtils]: 59: Hoare triple {22996#false} call sendEmail(~bob~0, ~rjh~0); {22996#false} is VALID [2022-02-20 18:00:23,522 INFO L290 TraceCheckUtils]: 60: Hoare triple {22996#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22996#false} is VALID [2022-02-20 18:00:23,522 INFO L272 TraceCheckUtils]: 61: Hoare triple {22996#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {23060#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:23,522 INFO L290 TraceCheckUtils]: 62: Hoare triple {23060#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,522 INFO L290 TraceCheckUtils]: 63: Hoare triple {22995#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,522 INFO L290 TraceCheckUtils]: 64: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,523 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {22995#true} {22996#false} #946#return; {22996#false} is VALID [2022-02-20 18:00:23,523 INFO L290 TraceCheckUtils]: 66: Hoare triple {22996#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {22996#false} is VALID [2022-02-20 18:00:23,523 INFO L290 TraceCheckUtils]: 67: Hoare triple {22996#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {22996#false} is VALID [2022-02-20 18:00:23,523 INFO L290 TraceCheckUtils]: 68: Hoare triple {22996#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; 
{22996#false} is VALID [2022-02-20 18:00:23,523 INFO L290 TraceCheckUtils]: 69: Hoare triple {22996#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {22996#false} is VALID [2022-02-20 18:00:23,523 INFO L272 TraceCheckUtils]: 70: Hoare triple {22996#false} call outgoing(~sender#1, ~email~0#1); {22996#false} is VALID [2022-02-20 18:00:23,523 INFO L290 TraceCheckUtils]: 71: Hoare triple {22996#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {22996#false} is VALID [2022-02-20 18:00:23,524 INFO L272 TraceCheckUtils]: 72: Hoare triple {22996#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {22995#true} is VALID [2022-02-20 18:00:23,524 INFO L290 TraceCheckUtils]: 73: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:23,524 INFO L290 TraceCheckUtils]: 74: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:23,524 INFO L290 TraceCheckUtils]: 75: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,524 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {22995#true} {22996#false} #904#return; {22996#false} is VALID [2022-02-20 18:00:23,524 INFO L290 TraceCheckUtils]: 77: Hoare triple {22996#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {22996#false} is VALID [2022-02-20 18:00:23,524 INFO L290 
TraceCheckUtils]: 78: Hoare triple {22996#false} assume 0 == sign_~privkey~1#1; {22996#false} is VALID [2022-02-20 18:00:23,525 INFO L290 TraceCheckUtils]: 79: Hoare triple {22996#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {22996#false} is VALID [2022-02-20 18:00:23,525 INFO L272 TraceCheckUtils]: 80: Hoare triple {22996#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {22995#true} is VALID [2022-02-20 18:00:23,525 INFO L290 TraceCheckUtils]: 81: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~11; {22995#true} is VALID [2022-02-20 18:00:23,525 INFO L290 TraceCheckUtils]: 82: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {22995#true} is VALID [2022-02-20 18:00:23,525 INFO L290 TraceCheckUtils]: 83: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,525 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {22995#true} {22996#false} #906#return; {22996#false} is VALID [2022-02-20 18:00:23,525 INFO L290 TraceCheckUtils]: 85: Hoare triple {22996#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && 
outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {22996#false} is VALID [2022-02-20 18:00:23,525 INFO L272 TraceCheckUtils]: 86: Hoare triple {22996#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {22995#true} is VALID [2022-02-20 18:00:23,526 INFO L290 TraceCheckUtils]: 87: Hoare triple {22995#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {22995#true} is VALID [2022-02-20 18:00:23,526 INFO L290 TraceCheckUtils]: 88: Hoare triple {22995#true} assume 1 == ~handle; {22995#true} is VALID [2022-02-20 18:00:23,526 INFO L290 TraceCheckUtils]: 89: Hoare triple {22995#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {22995#true} is VALID [2022-02-20 18:00:23,526 INFO L290 TraceCheckUtils]: 90: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,526 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {22995#true} {22996#false} #908#return; {22996#false} is VALID [2022-02-20 18:00:23,526 INFO L290 TraceCheckUtils]: 92: Hoare triple {22996#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {22996#false} is VALID [2022-02-20 18:00:23,526 INFO L290 TraceCheckUtils]: 93: Hoare triple {22996#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {22996#false} is VALID [2022-02-20 18:00:23,527 INFO L290 TraceCheckUtils]: 94: Hoare triple {22996#false} assume { 
:begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {22996#false} is VALID [2022-02-20 18:00:23,527 INFO L290 TraceCheckUtils]: 95: Hoare triple {22996#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {22996#false} is VALID [2022-02-20 18:00:23,527 INFO L290 TraceCheckUtils]: 96: Hoare triple {22996#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {22996#false} is VALID [2022-02-20 18:00:23,527 INFO L272 TraceCheckUtils]: 97: Hoare triple {22996#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {23060#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:23,527 INFO L290 TraceCheckUtils]: 98: Hoare triple {23060#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := 
#in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:23,527 INFO L290 TraceCheckUtils]: 99: Hoare triple {22995#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:23,527 INFO L290 TraceCheckUtils]: 100: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,528 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {22995#true} {22996#false} #914#return; {22996#false} is VALID [2022-02-20 18:00:23,528 INFO L290 TraceCheckUtils]: 102: Hoare triple {22996#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && 
__utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {22996#false} is VALID [2022-02-20 18:00:23,528 INFO L272 TraceCheckUtils]: 103: Hoare triple {22996#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {22995#true} is VALID [2022-02-20 18:00:23,528 INFO L290 TraceCheckUtils]: 104: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~16; {22995#true} is VALID [2022-02-20 18:00:23,528 INFO L290 TraceCheckUtils]: 105: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {22995#true} is VALID [2022-02-20 18:00:23,528 INFO L290 TraceCheckUtils]: 106: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,528 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {22995#true} {22996#false} #916#return; {22996#false} is VALID [2022-02-20 18:00:23,528 INFO L290 TraceCheckUtils]: 108: Hoare triple {22996#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {22996#false} is VALID [2022-02-20 18:00:23,529 INFO L290 TraceCheckUtils]: 109: Hoare triple {22996#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {22996#false} is VALID [2022-02-20 18:00:23,529 INFO L272 TraceCheckUtils]: 110: Hoare triple {22996#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {22995#true} is VALID [2022-02-20 18:00:23,529 INFO L290 TraceCheckUtils]: 111: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:23,529 INFO L290 TraceCheckUtils]: 112: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~28 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:23,529 INFO L290 TraceCheckUtils]: 113: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:23,529 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {22995#true} {22996#false} #918#return; {22996#false} is VALID [2022-02-20 18:00:23,529 INFO L290 TraceCheckUtils]: 115: Hoare triple {22996#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {22996#false} is VALID [2022-02-20 18:00:23,530 INFO L290 TraceCheckUtils]: 116: Hoare triple {22996#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {22996#false} is VALID [2022-02-20 18:00:23,530 INFO L290 TraceCheckUtils]: 117: Hoare triple {22996#false} assume !false; {22996#false} is VALID [2022-02-20 18:00:23,531 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. 
[2022-02-20 18:00:23,531 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:23,531 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [665012013] [2022-02-20 18:00:23,532 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [665012013] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:23,532 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [373241718] [2022-02-20 18:00:23,532 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:23,532 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:23,532 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:23,533 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:23,549 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:00:23,744 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,747 INFO L263 TraceCheckSpWp]: Trace formula consists of 1044 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:00:23,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:23,792 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:00:24,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {22995#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 
:= 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {22995#true} is VALID [2022-02-20 18:00:24,023 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && 
main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {22995#true} is VALID [2022-02-20 18:00:24,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22995#true} is VALID [2022-02-20 18:00:24,023 INFO L290 TraceCheckUtils]: 3: Hoare triple {22995#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {22995#true} is VALID [2022-02-20 18:00:24,023 INFO L290 TraceCheckUtils]: 4: Hoare triple {22995#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {22995#true} is VALID [2022-02-20 18:00:24,023 INFO L290 TraceCheckUtils]: 5: Hoare triple {22995#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22995#true} is VALID [2022-02-20 18:00:24,024 INFO L272 TraceCheckUtils]: 6: Hoare triple {22995#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22995#true} is VALID [2022-02-20 18:00:24,024 INFO L290 TraceCheckUtils]: 7: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,024 INFO L290 TraceCheckUtils]: 8: Hoare triple {22995#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,024 INFO L290 TraceCheckUtils]: 9: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,024 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22995#true} {22995#true} #958#return; {22995#true} is VALID [2022-02-20 18:00:24,024 INFO L290 TraceCheckUtils]: 11: Hoare triple {22995#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22995#true} is VALID [2022-02-20 18:00:24,024 INFO L272 TraceCheckUtils]: 12: Hoare triple {22995#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22995#true} is VALID [2022-02-20 18:00:24,025 INFO L290 TraceCheckUtils]: 13: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,025 INFO L290 TraceCheckUtils]: 14: Hoare triple {22995#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,025 INFO L290 TraceCheckUtils]: 15: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,025 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22995#true} {22995#true} #960#return; {22995#true} is VALID [2022-02-20 18:00:24,025 INFO L290 TraceCheckUtils]: 17: Hoare triple {22995#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22995#true} is VALID [2022-02-20 18:00:24,025 INFO L272 TraceCheckUtils]: 18: Hoare triple {22995#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22995#true} is VALID [2022-02-20 18:00:24,025 INFO L290 TraceCheckUtils]: 19: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,025 INFO L290 TraceCheckUtils]: 20: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,026 INFO L290 TraceCheckUtils]: 21: Hoare triple {22995#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,026 INFO L290 TraceCheckUtils]: 22: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,026 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22995#true} {22995#true} #962#return; {22995#true} is VALID [2022-02-20 18:00:24,026 INFO L290 TraceCheckUtils]: 24: Hoare triple {22995#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22995#true} is VALID [2022-02-20 18:00:24,026 INFO L272 TraceCheckUtils]: 25: Hoare triple {22995#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22995#true} is VALID [2022-02-20 18:00:24,026 INFO L290 TraceCheckUtils]: 26: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,026 INFO L290 TraceCheckUtils]: 27: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,027 INFO L290 TraceCheckUtils]: 28: Hoare triple {22995#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,027 INFO L290 TraceCheckUtils]: 29: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,027 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22995#true} {22995#true} #964#return; {22995#true} is VALID [2022-02-20 18:00:24,027 INFO L290 TraceCheckUtils]: 31: Hoare triple {22995#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22995#true} is VALID [2022-02-20 18:00:24,027 INFO L272 TraceCheckUtils]: 32: Hoare triple {22995#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22995#true} is VALID [2022-02-20 18:00:24,027 INFO L290 TraceCheckUtils]: 33: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,027 INFO L290 TraceCheckUtils]: 34: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,028 INFO L290 TraceCheckUtils]: 35: Hoare triple {22995#true} assume !(2 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,028 INFO L290 TraceCheckUtils]: 36: Hoare triple {22995#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,028 INFO L290 TraceCheckUtils]: 37: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,028 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22995#true} {22995#true} 
#966#return; {22995#true} is VALID [2022-02-20 18:00:24,028 INFO L290 TraceCheckUtils]: 39: Hoare triple {22995#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22995#true} is VALID [2022-02-20 18:00:24,028 INFO L272 TraceCheckUtils]: 40: Hoare triple {22995#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22995#true} is VALID [2022-02-20 18:00:24,028 INFO L290 TraceCheckUtils]: 41: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,029 INFO L290 TraceCheckUtils]: 42: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,029 INFO L290 TraceCheckUtils]: 43: Hoare triple {22995#true} assume !(2 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,029 INFO L290 TraceCheckUtils]: 44: Hoare triple {22995#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,029 INFO L290 TraceCheckUtils]: 45: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,029 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22995#true} {22995#true} #968#return; {22995#true} is VALID [2022-02-20 18:00:24,029 INFO L290 TraceCheckUtils]: 47: Hoare triple {22995#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {22995#true} is VALID [2022-02-20 18:00:24,033 INFO L290 TraceCheckUtils]: 48: Hoare triple {22995#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, 
test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23208#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:24,033 INFO L290 TraceCheckUtils]: 49: Hoare triple {23208#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {23208#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:24,033 INFO L290 TraceCheckUtils]: 50: Hoare triple {23208#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {23208#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:24,034 INFO L290 TraceCheckUtils]: 51: Hoare triple {23208#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:24,034 INFO L290 TraceCheckUtils]: 52: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:24,034 INFO L290 TraceCheckUtils]: 53: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:24,034 INFO L290 TraceCheckUtils]: 54: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:24,035 INFO L290 TraceCheckUtils]: 55: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:24,035 INFO L290 TraceCheckUtils]: 56: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:24,035 INFO L290 TraceCheckUtils]: 57: Hoare triple {23028#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {22996#false} is VALID [2022-02-20 18:00:24,035 INFO L290 TraceCheckUtils]: 58: Hoare triple {22996#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {22996#false} is VALID [2022-02-20 18:00:24,035 INFO L272 TraceCheckUtils]: 
59: Hoare triple {22996#false} call sendEmail(~bob~0, ~rjh~0); {22996#false} is VALID [2022-02-20 18:00:24,035 INFO L290 TraceCheckUtils]: 60: Hoare triple {22996#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22996#false} is VALID [2022-02-20 18:00:24,036 INFO L272 TraceCheckUtils]: 61: Hoare triple {22996#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22996#false} is VALID [2022-02-20 18:00:24,036 INFO L290 TraceCheckUtils]: 62: Hoare triple {22996#false} ~handle := #in~handle;~value := #in~value; {22996#false} is VALID [2022-02-20 18:00:24,036 INFO L290 TraceCheckUtils]: 63: Hoare triple {22996#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22996#false} is VALID [2022-02-20 18:00:24,036 INFO L290 TraceCheckUtils]: 64: Hoare triple {22996#false} assume true; {22996#false} is VALID [2022-02-20 18:00:24,036 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {22996#false} {22996#false} #946#return; {22996#false} is VALID [2022-02-20 18:00:24,036 INFO L290 TraceCheckUtils]: 66: Hoare triple {22996#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {22996#false} is VALID [2022-02-20 18:00:24,036 INFO L290 TraceCheckUtils]: 67: Hoare triple {22996#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {22996#false} is VALID 
[2022-02-20 18:00:24,036 INFO L290 TraceCheckUtils]: 68: Hoare triple {22996#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {22996#false} is VALID [2022-02-20 18:00:24,036 INFO L290 TraceCheckUtils]: 69: Hoare triple {22996#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {22996#false} is VALID [2022-02-20 18:00:24,036 INFO L272 TraceCheckUtils]: 70: Hoare triple {22996#false} call outgoing(~sender#1, ~email~0#1); {22996#false} is VALID [2022-02-20 18:00:24,037 INFO L290 TraceCheckUtils]: 71: Hoare triple {22996#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {22996#false} is VALID [2022-02-20 18:00:24,037 INFO L272 TraceCheckUtils]: 72: Hoare triple {22996#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {22996#false} is VALID [2022-02-20 18:00:24,037 INFO L290 TraceCheckUtils]: 73: Hoare triple {22996#false} ~handle := #in~handle;havoc ~retValue_acc~28; {22996#false} is VALID [2022-02-20 18:00:24,037 INFO L290 TraceCheckUtils]: 74: Hoare triple {22996#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {22996#false} is VALID [2022-02-20 18:00:24,037 INFO L290 TraceCheckUtils]: 75: Hoare triple {22996#false} assume true; {22996#false} is VALID [2022-02-20 18:00:24,037 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {22996#false} {22996#false} #904#return; {22996#false} is VALID [2022-02-20 18:00:24,037 INFO L290 TraceCheckUtils]: 77: Hoare triple 
{22996#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {22996#false} is VALID [2022-02-20 18:00:24,038 INFO L290 TraceCheckUtils]: 78: Hoare triple {22996#false} assume 0 == sign_~privkey~1#1; {22996#false} is VALID [2022-02-20 18:00:24,038 INFO L290 TraceCheckUtils]: 79: Hoare triple {22996#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {22996#false} is VALID [2022-02-20 18:00:24,038 INFO L272 TraceCheckUtils]: 80: Hoare triple {22996#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {22996#false} is VALID [2022-02-20 18:00:24,038 INFO L290 TraceCheckUtils]: 81: Hoare triple {22996#false} ~handle := #in~handle;havoc ~retValue_acc~11; {22996#false} is VALID [2022-02-20 18:00:24,038 INFO L290 TraceCheckUtils]: 82: Hoare triple {22996#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {22996#false} is VALID [2022-02-20 18:00:24,038 INFO L290 TraceCheckUtils]: 83: Hoare triple {22996#false} assume true; {22996#false} is VALID [2022-02-20 18:00:24,038 INFO L284 TraceCheckUtils]: 
84: Hoare quadruple {22996#false} {22996#false} #906#return; {22996#false} is VALID [2022-02-20 18:00:24,039 INFO L290 TraceCheckUtils]: 85: Hoare triple {22996#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {22996#false} is VALID [2022-02-20 18:00:24,039 INFO L272 TraceCheckUtils]: 86: Hoare triple {22996#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {22996#false} is VALID [2022-02-20 18:00:24,039 INFO L290 TraceCheckUtils]: 87: Hoare triple {22996#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {22996#false} is VALID [2022-02-20 18:00:24,039 INFO L290 TraceCheckUtils]: 88: Hoare triple {22996#false} assume 1 == ~handle; {22996#false} is VALID [2022-02-20 18:00:24,039 INFO L290 TraceCheckUtils]: 89: Hoare triple {22996#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {22996#false} is VALID [2022-02-20 18:00:24,039 INFO L290 TraceCheckUtils]: 90: Hoare triple {22996#false} assume true; {22996#false} is VALID [2022-02-20 18:00:24,039 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {22996#false} {22996#false} #908#return; {22996#false} is VALID [2022-02-20 18:00:24,040 INFO L290 TraceCheckUtils]: 92: Hoare triple {22996#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {22996#false} is VALID [2022-02-20 18:00:24,040 
INFO L290 TraceCheckUtils]: 93: Hoare triple {22996#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {22996#false} is VALID [2022-02-20 18:00:24,040 INFO L290 TraceCheckUtils]: 94: Hoare triple {22996#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {22996#false} is VALID [2022-02-20 18:00:24,040 INFO L290 TraceCheckUtils]: 95: Hoare triple {22996#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {22996#false} is VALID [2022-02-20 18:00:24,040 INFO L290 TraceCheckUtils]: 96: Hoare triple {22996#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {22996#false} is VALID [2022-02-20 18:00:24,040 INFO L272 TraceCheckUtils]: 97: Hoare triple {22996#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {22996#false} is VALID [2022-02-20 18:00:24,040 INFO L290 TraceCheckUtils]: 98: Hoare triple {22996#false} 
~handle := #in~handle;~value := #in~value; {22996#false} is VALID [2022-02-20 18:00:24,041 INFO L290 TraceCheckUtils]: 99: Hoare triple {22996#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22996#false} is VALID [2022-02-20 18:00:24,041 INFO L290 TraceCheckUtils]: 100: Hoare triple {22996#false} assume true; {22996#false} is VALID [2022-02-20 18:00:24,041 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {22996#false} {22996#false} #914#return; {22996#false} is VALID [2022-02-20 18:00:24,041 INFO L290 TraceCheckUtils]: 102: Hoare triple {22996#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= 
__utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {22996#false} is VALID [2022-02-20 18:00:24,041 INFO L272 TraceCheckUtils]: 103: Hoare triple {22996#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {22996#false} is VALID [2022-02-20 18:00:24,041 INFO L290 TraceCheckUtils]: 104: Hoare triple {22996#false} ~handle := #in~handle;havoc ~retValue_acc~16; {22996#false} is VALID [2022-02-20 18:00:24,041 INFO L290 TraceCheckUtils]: 105: Hoare triple {22996#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {22996#false} is VALID [2022-02-20 18:00:24,041 INFO L290 TraceCheckUtils]: 106: Hoare triple {22996#false} assume true; {22996#false} is VALID [2022-02-20 18:00:24,042 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {22996#false} {22996#false} #916#return; {22996#false} is VALID [2022-02-20 18:00:24,042 INFO L290 TraceCheckUtils]: 108: Hoare triple {22996#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {22996#false} is VALID [2022-02-20 18:00:24,042 INFO L290 TraceCheckUtils]: 109: Hoare triple {22996#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {22996#false} is VALID [2022-02-20 18:00:24,042 INFO L272 TraceCheckUtils]: 110: Hoare triple {22996#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {22996#false} is VALID [2022-02-20 18:00:24,042 INFO L290 TraceCheckUtils]: 111: Hoare triple {22996#false} ~handle := #in~handle;havoc ~retValue_acc~28; {22996#false} is VALID [2022-02-20 18:00:24,042 INFO L290 TraceCheckUtils]: 112: Hoare triple {22996#false} 
assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {22996#false} is VALID [2022-02-20 18:00:24,042 INFO L290 TraceCheckUtils]: 113: Hoare triple {22996#false} assume true; {22996#false} is VALID [2022-02-20 18:00:24,043 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {22996#false} {22996#false} #918#return; {22996#false} is VALID [2022-02-20 18:00:24,043 INFO L290 TraceCheckUtils]: 115: Hoare triple {22996#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {22996#false} is VALID [2022-02-20 18:00:24,043 INFO L290 TraceCheckUtils]: 116: Hoare triple {22996#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {22996#false} is VALID [2022-02-20 18:00:24,043 INFO L290 TraceCheckUtils]: 117: Hoare triple {22996#false} assume !false; {22996#false} is VALID [2022-02-20 18:00:24,043 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:00:24,044 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 18:00:24,333 INFO L290 TraceCheckUtils]: 117: Hoare triple {22996#false} assume !false; {22996#false} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 116: Hoare triple {22996#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {22996#false} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 115: Hoare triple {22996#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {22996#false} is VALID [2022-02-20 18:00:24,334 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {22995#true} {22996#false} #918#return; {22996#false} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 113: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 112: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 111: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:24,334 INFO L272 TraceCheckUtils]: 110: Hoare triple {22996#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {22995#true} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 109: Hoare triple {22996#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {22996#false} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 108: Hoare triple {22996#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := 
__utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {22996#false} is VALID [2022-02-20 18:00:24,334 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {22995#true} {22996#false} #916#return; {22996#false} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 106: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 105: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {22995#true} is VALID [2022-02-20 18:00:24,334 INFO L290 TraceCheckUtils]: 104: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~16; {22995#true} is VALID [2022-02-20 18:00:24,334 INFO L272 TraceCheckUtils]: 103: Hoare triple {22996#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {22995#true} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 102: Hoare triple {22996#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, 
__utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {22996#false} is VALID [2022-02-20 18:00:24,335 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {22995#true} {22996#false} #914#return; {22996#false} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 100: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 99: Hoare triple {22995#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 98: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,335 INFO L272 TraceCheckUtils]: 97: Hoare triple {22996#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {22995#true} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 96: Hoare triple {22996#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {22996#false} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 95: Hoare triple {22996#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {22996#false} 
is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 94: Hoare triple {22996#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {22996#false} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 93: Hoare triple {22996#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {22996#false} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 92: Hoare triple {22996#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {22996#false} is VALID [2022-02-20 18:00:24,335 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {22995#true} {22996#false} #908#return; {22996#false} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 90: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 89: Hoare triple {22995#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {22995#true} is VALID 
[2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 88: Hoare triple {22995#true} assume 1 == ~handle; {22995#true} is VALID [2022-02-20 18:00:24,335 INFO L290 TraceCheckUtils]: 87: Hoare triple {22995#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L272 TraceCheckUtils]: 86: Hoare triple {22996#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 85: Hoare triple {22996#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {22996#false} is VALID [2022-02-20 18:00:24,336 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {22995#true} {22996#false} #906#return; {22996#false} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 83: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 82: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 81: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~11; {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L272 TraceCheckUtils]: 80: Hoare triple {22996#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 79: Hoare triple {22996#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, 
outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {22996#false} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 78: Hoare triple {22996#false} assume 0 == sign_~privkey~1#1; {22996#false} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 77: Hoare triple {22996#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {22996#false} is VALID [2022-02-20 18:00:24,336 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {22995#true} {22996#false} #904#return; {22996#false} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 75: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 74: Hoare triple {22995#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 73: Hoare triple {22995#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L272 TraceCheckUtils]: 72: Hoare triple {22996#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {22995#true} is VALID [2022-02-20 18:00:24,336 INFO L290 TraceCheckUtils]: 71: Hoare triple {22996#false} 
~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {22996#false} is VALID [2022-02-20 18:00:24,336 INFO L272 TraceCheckUtils]: 70: Hoare triple {22996#false} call outgoing(~sender#1, ~email~0#1); {22996#false} is VALID [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 69: Hoare triple {22996#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {22996#false} is VALID [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 68: Hoare triple {22996#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {22996#false} is VALID [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 67: Hoare triple {22996#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {22996#false} is VALID [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 66: Hoare triple {22996#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {22996#false} is VALID [2022-02-20 18:00:24,337 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {22995#true} {22996#false} #946#return; {22996#false} is VALID [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 64: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 63: Hoare triple {22995#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 62: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,338 INFO L272 TraceCheckUtils]: 61: Hoare triple {22996#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22995#true} is VALID [2022-02-20 18:00:24,338 INFO L290 TraceCheckUtils]: 60: Hoare triple {22996#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22996#false} is VALID [2022-02-20 18:00:24,338 INFO L272 TraceCheckUtils]: 59: Hoare triple {22996#false} call sendEmail(~bob~0, ~rjh~0); {22996#false} is VALID [2022-02-20 18:00:24,338 INFO L290 TraceCheckUtils]: 58: Hoare triple {22996#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {22996#false} is VALID [2022-02-20 18:00:24,339 INFO L290 TraceCheckUtils]: 57: Hoare triple {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {22996#false} is VALID [2022-02-20 18:00:24,339 INFO L290 TraceCheckUtils]: 56: Hoare triple {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {23596#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:24,340 INFO L290 TraceCheckUtils]: 55: Hoare triple {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:24,340 INFO L290 TraceCheckUtils]: 54: Hoare triple {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:24,340 INFO L290 TraceCheckUtils]: 53: Hoare triple {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:24,341 INFO L290 TraceCheckUtils]: 52: Hoare triple {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:24,341 INFO L290 TraceCheckUtils]: 51: Hoare triple {23615#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23596#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:24,342 INFO L290 TraceCheckUtils]: 50: Hoare triple {23615#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {23615#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:00:24,342 INFO L290 TraceCheckUtils]: 49: Hoare triple {23615#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {23615#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID 
[2022-02-20 18:00:24,343 INFO L290 TraceCheckUtils]: 48: Hoare triple {22995#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23615#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:00:24,343 INFO L290 TraceCheckUtils]: 47: Hoare triple {22995#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {22995#true} is VALID [2022-02-20 18:00:24,343 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22995#true} {22995#true} #968#return; {22995#true} is VALID [2022-02-20 
18:00:24,343 INFO L290 TraceCheckUtils]: 45: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,343 INFO L290 TraceCheckUtils]: 44: Hoare triple {22995#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,343 INFO L290 TraceCheckUtils]: 43: Hoare triple {22995#true} assume !(2 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,344 INFO L290 TraceCheckUtils]: 42: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,344 INFO L290 TraceCheckUtils]: 41: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,344 INFO L272 TraceCheckUtils]: 40: Hoare triple {22995#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22995#true} is VALID [2022-02-20 18:00:24,344 INFO L290 TraceCheckUtils]: 39: Hoare triple {22995#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22995#true} is VALID [2022-02-20 18:00:24,344 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22995#true} {22995#true} #966#return; {22995#true} is VALID [2022-02-20 18:00:24,344 INFO L290 TraceCheckUtils]: 37: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,344 INFO L290 TraceCheckUtils]: 36: Hoare triple {22995#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,344 INFO L290 TraceCheckUtils]: 35: Hoare triple {22995#true} assume !(2 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,345 INFO L290 TraceCheckUtils]: 34: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,345 INFO L290 TraceCheckUtils]: 33: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,345 INFO L272 TraceCheckUtils]: 32: Hoare triple {22995#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {22995#true} is VALID [2022-02-20 18:00:24,345 INFO L290 TraceCheckUtils]: 31: Hoare triple {22995#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22995#true} is VALID [2022-02-20 18:00:24,345 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22995#true} {22995#true} #964#return; {22995#true} is VALID [2022-02-20 18:00:24,345 INFO L290 TraceCheckUtils]: 29: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,345 INFO L290 TraceCheckUtils]: 28: Hoare triple {22995#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,346 INFO L290 TraceCheckUtils]: 27: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,346 INFO L290 TraceCheckUtils]: 26: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,346 INFO L272 TraceCheckUtils]: 25: Hoare triple {22995#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22995#true} is VALID [2022-02-20 18:00:24,346 INFO L290 TraceCheckUtils]: 24: Hoare triple {22995#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22995#true} is VALID [2022-02-20 18:00:24,346 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22995#true} {22995#true} #962#return; {22995#true} is VALID [2022-02-20 18:00:24,346 INFO L290 TraceCheckUtils]: 22: Hoare triple {22995#true} assume true; {22995#true} is 
VALID [2022-02-20 18:00:24,346 INFO L290 TraceCheckUtils]: 21: Hoare triple {22995#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,347 INFO L290 TraceCheckUtils]: 20: Hoare triple {22995#true} assume !(1 == ~handle); {22995#true} is VALID [2022-02-20 18:00:24,347 INFO L290 TraceCheckUtils]: 19: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,347 INFO L272 TraceCheckUtils]: 18: Hoare triple {22995#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22995#true} is VALID [2022-02-20 18:00:24,347 INFO L290 TraceCheckUtils]: 17: Hoare triple {22995#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22995#true} is VALID [2022-02-20 18:00:24,347 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22995#true} {22995#true} #960#return; {22995#true} is VALID [2022-02-20 18:00:24,347 INFO L290 TraceCheckUtils]: 15: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,347 INFO L290 TraceCheckUtils]: 14: Hoare triple {22995#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,347 INFO L290 TraceCheckUtils]: 13: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,348 INFO L272 TraceCheckUtils]: 12: Hoare triple {22995#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22995#true} is VALID 
[2022-02-20 18:00:24,348 INFO L290 TraceCheckUtils]: 11: Hoare triple {22995#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22995#true} is VALID [2022-02-20 18:00:24,348 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22995#true} {22995#true} #958#return; {22995#true} is VALID [2022-02-20 18:00:24,348 INFO L290 TraceCheckUtils]: 9: Hoare triple {22995#true} assume true; {22995#true} is VALID [2022-02-20 18:00:24,348 INFO L290 TraceCheckUtils]: 8: Hoare triple {22995#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22995#true} is VALID [2022-02-20 18:00:24,348 INFO L290 TraceCheckUtils]: 7: Hoare triple {22995#true} ~handle := #in~handle;~value := #in~value; {22995#true} is VALID [2022-02-20 18:00:24,348 INFO L272 TraceCheckUtils]: 6: Hoare triple {22995#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22995#true} is VALID [2022-02-20 18:00:24,349 INFO L290 TraceCheckUtils]: 5: Hoare triple {22995#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22995#true} is VALID [2022-02-20 18:00:24,349 INFO L290 TraceCheckUtils]: 4: Hoare triple {22995#true} 
main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {22995#true} is VALID [2022-02-20 18:00:24,349 INFO L290 TraceCheckUtils]: 3: Hoare triple {22995#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {22995#true} is VALID [2022-02-20 18:00:24,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {22995#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22995#true} is VALID [2022-02-20 18:00:24,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {22995#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {22995#true} is VALID [2022-02-20 18:00:24,349 INFO L290 TraceCheckUtils]: 0: Hoare triple {22995#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call 
#Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 
0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {22995#true} is VALID [2022-02-20 18:00:24,350 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:00:24,350 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [373241718] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:00:24,350 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:00:24,350 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 4, 4] total 10 [2022-02-20 18:00:24,353 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [199178438] [2022-02-20 18:00:24,353 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:00:24,354 INFO L78 Accepts]: Start accepts. 
Automaton has has 10 states, 10 states have (on average 10.7) internal successors, (107), 7 states have internal predecessors, (107), 2 states have call successors, (30), 5 states have call predecessors, (30), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 118 [2022-02-20 18:00:25,013 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:25,013 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 10.7) internal successors, (107), 7 states have internal predecessors, (107), 2 states have call successors, (30), 5 states have call predecessors, (30), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:25,141 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 157 edges. 157 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:25,142 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 18:00:25,142 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:25,142 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 18:00:25,142 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=63, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:00:25,142 INFO L87 Difference]: Start difference. First operand 374 states and 567 transitions. 
Second operand has 10 states, 10 states have (on average 10.7) internal successors, (107), 7 states have internal predecessors, (107), 2 states have call successors, (30), 5 states have call predecessors, (30), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:29,343 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:29,343 INFO L93 Difference]: Finished difference Result 944 states and 1501 transitions. [2022-02-20 18:00:29,344 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 18:00:29,344 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 10.7) internal successors, (107), 7 states have internal predecessors, (107), 2 states have call successors, (30), 5 states have call predecessors, (30), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 118 [2022-02-20 18:00:29,344 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:29,344 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 10.7) internal successors, (107), 7 states have internal predecessors, (107), 2 states have call successors, (30), 5 states have call predecessors, (30), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:29,360 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1235 transitions. [2022-02-20 18:00:29,361 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 10 states, 10 states have (on average 10.7) internal successors, (107), 7 states have internal predecessors, (107), 2 states have call successors, (30), 5 states have call predecessors, (30), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:29,376 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1235 transitions. [2022-02-20 18:00:29,377 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1235 transitions. [2022-02-20 18:00:30,351 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1235 edges. 1235 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:30,396 INFO L225 Difference]: With dead ends: 944 [2022-02-20 18:00:30,397 INFO L226 Difference]: Without dead ends: 772 [2022-02-20 18:00:30,398 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 271 GetRequests, 259 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=47, Invalid=135, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:00:30,398 INFO L933 BasicCegarLoop]: 591 mSDtfsCounter, 1330 mSDsluCounter, 813 mSDsCounter, 0 mSdLazyCounter, 967 mSolverCounterSat, 415 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1375 SdHoareTripleChecker+Valid, 1404 SdHoareTripleChecker+Invalid, 1382 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 415 IncrementalHoareTripleChecker+Valid, 967 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:30,399 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1375 Valid, 
1404 Invalid, 1382 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [415 Valid, 967 Invalid, 0 Unknown, 0 Unchecked, 1.5s Time] [2022-02-20 18:00:30,400 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 772 states. [2022-02-20 18:00:30,732 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 772 to 677. [2022-02-20 18:00:30,732 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:30,736 INFO L82 GeneralOperation]: Start isEquivalent. First operand 772 states. Second operand has 677 states, 525 states have (on average 1.5847619047619048) internal successors, (832), 532 states have internal predecessors, (832), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) [2022-02-20 18:00:30,738 INFO L74 IsIncluded]: Start isIncluded. First operand 772 states. Second operand has 677 states, 525 states have (on average 1.5847619047619048) internal successors, (832), 532 states have internal predecessors, (832), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) [2022-02-20 18:00:30,739 INFO L87 Difference]: Start difference. First operand 772 states. Second operand has 677 states, 525 states have (on average 1.5847619047619048) internal successors, (832), 532 states have internal predecessors, (832), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) [2022-02-20 18:00:30,781 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:00:30,782 INFO L93 Difference]: Finished difference Result 772 states and 1259 transitions. [2022-02-20 18:00:30,782 INFO L276 IsEmpty]: Start isEmpty. Operand 772 states and 1259 transitions. [2022-02-20 18:00:30,785 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:30,785 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:30,787 INFO L74 IsIncluded]: Start isIncluded. First operand has 677 states, 525 states have (on average 1.5847619047619048) internal successors, (832), 532 states have internal predecessors, (832), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) Second operand 772 states. [2022-02-20 18:00:30,788 INFO L87 Difference]: Start difference. First operand has 677 states, 525 states have (on average 1.5847619047619048) internal successors, (832), 532 states have internal predecessors, (832), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) Second operand 772 states. [2022-02-20 18:00:30,830 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:30,830 INFO L93 Difference]: Finished difference Result 772 states and 1259 transitions. [2022-02-20 18:00:30,830 INFO L276 IsEmpty]: Start isEmpty. Operand 772 states and 1259 transitions. [2022-02-20 18:00:30,834 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:30,834 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:30,834 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 18:00:30,834 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:30,836 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 677 states, 525 states have (on average 1.5847619047619048) internal successors, (832), 532 states have internal predecessors, (832), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) [2022-02-20 18:00:30,875 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 677 states to 677 states and 1103 transitions. [2022-02-20 18:00:30,875 INFO L78 Accepts]: Start accepts. Automaton has 677 states and 1103 transitions. Word has length 118 [2022-02-20 18:00:30,875 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:30,876 INFO L470 AbstractCegarLoop]: Abstraction has 677 states and 1103 transitions. [2022-02-20 18:00:30,876 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 10.7) internal successors, (107), 7 states have internal predecessors, (107), 2 states have call successors, (30), 5 states have call predecessors, (30), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:30,876 INFO L276 IsEmpty]: Start isEmpty. Operand 677 states and 1103 transitions. [2022-02-20 18:00:30,879 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 125 [2022-02-20 18:00:30,879 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:30,879 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:30,907 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:00:31,093 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:31,094 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:31,094 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:31,094 INFO L85 PathProgramCache]: Analyzing trace with hash 2125577554, now seen corresponding path program 1 times [2022-02-20 18:00:31,094 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:31,094 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1129117692] [2022-02-20 18:00:31,094 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:31,094 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:31,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,155 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 6 [2022-02-20 18:00:31,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {27724#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,159 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27662#true} {27662#true} #958#return; {27662#true} is VALID [2022-02-20 18:00:31,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:31,166 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,168 INFO L290 TraceCheckUtils]: 0: Hoare triple {27725#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,168 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27662#true} {27662#true} #960#return; {27662#true} is VALID [2022-02-20 18:00:31,168 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 
18:00:31,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,172 INFO L290 TraceCheckUtils]: 0: Hoare triple {27724#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,172 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume !(1 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,172 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,172 INFO L290 TraceCheckUtils]: 3: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,173 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27662#true} {27662#true} #962#return; {27662#true} is VALID [2022-02-20 18:00:31,173 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:31,174 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,176 INFO L290 TraceCheckUtils]: 0: Hoare triple {27725#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,176 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume !(1 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,176 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,176 INFO L290 TraceCheckUtils]: 3: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,176 INFO L284 TraceCheckUtils]: 4: Hoare quadruple 
{27662#true} {27662#true} #964#return; {27662#true} is VALID [2022-02-20 18:00:31,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:31,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {27724#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,180 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume !(1 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,180 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume !(2 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,180 INFO L290 TraceCheckUtils]: 3: Hoare triple {27662#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,180 INFO L290 TraceCheckUtils]: 4: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,180 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27662#true} {27662#true} #966#return; {27662#true} is VALID [2022-02-20 18:00:31,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:31,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,183 INFO L290 TraceCheckUtils]: 0: Hoare triple {27725#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,184 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume !(1 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,184 
INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume !(2 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,184 INFO L290 TraceCheckUtils]: 3: Hoare triple {27662#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,184 INFO L290 TraceCheckUtils]: 4: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,184 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27662#true} {27662#true} #968#return; {27662#true} is VALID [2022-02-20 18:00:31,190 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:00:31,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,192 INFO L290 TraceCheckUtils]: 0: Hoare triple {27726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,192 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,193 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,193 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27662#true} {27663#false} #946#return; {27663#false} is VALID [2022-02-20 18:00:31,193 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:00:31,194 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,195 INFO L290 TraceCheckUtils]: 0: Hoare triple {27662#true} ~handle := #in~handle;havoc ~retValue_acc~28; {27662#true} is VALID [2022-02-20 18:00:31,196 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {27662#true} is VALID [2022-02-20 18:00:31,196 INFO L290 
TraceCheckUtils]: 2: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,196 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27662#true} {27663#false} #904#return; {27663#false} is VALID [2022-02-20 18:00:31,196 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:00:31,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {27662#true} ~handle := #in~handle;havoc ~retValue_acc~11; {27662#true} is VALID [2022-02-20 18:00:31,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {27662#true} is VALID [2022-02-20 18:00:31,199 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,199 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27662#true} {27663#false} #906#return; {27663#false} is VALID [2022-02-20 18:00:31,199 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:00:31,200 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,202 INFO L290 TraceCheckUtils]: 0: Hoare triple {27662#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {27662#true} is VALID [2022-02-20 18:00:31,202 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume 1 == ~handle; {27662#true} is VALID [2022-02-20 18:00:31,202 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {27662#true} is VALID [2022-02-20 18:00:31,202 INFO L290 TraceCheckUtils]: 3: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,202 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27662#true} {27663#false} #908#return; 
{27663#false} is VALID [2022-02-20 18:00:31,202 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:00:31,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,205 INFO L290 TraceCheckUtils]: 0: Hoare triple {27726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,205 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,205 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27662#true} {27663#false} #914#return; {27663#false} is VALID [2022-02-20 18:00:31,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:00:31,206 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {27662#true} ~handle := #in~handle;havoc ~retValue_acc~16; {27662#true} is VALID [2022-02-20 18:00:31,208 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {27662#true} is VALID [2022-02-20 18:00:31,208 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,208 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27662#true} {27663#false} #916#return; {27663#false} is VALID [2022-02-20 18:00:31,208 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:00:31,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:31,211 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{27662#true} ~handle := #in~handle;havoc ~retValue_acc~28; {27662#true} is VALID [2022-02-20 18:00:31,211 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {27662#true} is VALID [2022-02-20 18:00:31,211 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,211 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27662#true} {27663#false} #918#return; {27663#false} is VALID [2022-02-20 18:00:31,211 INFO L290 TraceCheckUtils]: 0: Hoare triple {27662#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(20, 6);call #Ultimate.allocInit(4, 7);call write~init~int(37, 7, 0, 1);call write~init~int(115, 7, 1, 1);call write~init~int(10, 7, 2, 1);call write~init~int(0, 7, 3, 1);call #Ultimate.allocInit(10, 8);call #Ultimate.allocInit(12, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(18, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(16, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call 
#Ultimate.allocInit(13, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 
0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 
0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {27662#true} is VALID [2022-02-20 18:00:31,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {27662#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet67#1, main_#t~ret68#1, main_~retValue_acc~40#1, main_~tmp~17#1;assume -2147483648 <= main_#t~nondet67#1 && main_#t~nondet67#1 <= 2147483647;main_~retValue_acc~40#1 := main_#t~nondet67#1;havoc main_#t~nondet67#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true; {27662#true} is VALID [2022-02-20 18:00:31,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {27662#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27662#true} is VALID [2022-02-20 18:00:31,212 INFO L290 TraceCheckUtils]: 3: Hoare triple {27662#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {27662#true} is VALID [2022-02-20 18:00:31,212 INFO L290 TraceCheckUtils]: 4: Hoare triple {27662#true} main_#t~ret68#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret68#1 && main_#t~ret68#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret68#1;havoc main_#t~ret68#1; {27662#true} is VALID [2022-02-20 18:00:31,212 INFO L290 TraceCheckUtils]: 5: Hoare triple {27662#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet64#1, setup_#t~nondet65#1, setup_#t~nondet66#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, 
setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {27662#true} is VALID [2022-02-20 18:00:31,213 INFO L272 TraceCheckUtils]: 6: Hoare triple {27662#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {27724#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:31,213 INFO L290 TraceCheckUtils]: 7: Hoare triple {27724#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,213 INFO L290 TraceCheckUtils]: 8: Hoare triple {27662#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,213 INFO L290 TraceCheckUtils]: 9: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,213 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27662#true} {27662#true} #958#return; {27662#true} is VALID [2022-02-20 18:00:31,213 INFO L290 TraceCheckUtils]: 11: Hoare triple {27662#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27662#true} is VALID [2022-02-20 18:00:31,214 INFO L272 TraceCheckUtils]: 
12: Hoare triple {27662#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {27725#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:31,214 INFO L290 TraceCheckUtils]: 13: Hoare triple {27725#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,214 INFO L290 TraceCheckUtils]: 14: Hoare triple {27662#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,215 INFO L290 TraceCheckUtils]: 15: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,215 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27662#true} {27662#true} #960#return; {27662#true} is VALID [2022-02-20 18:00:31,215 INFO L290 TraceCheckUtils]: 17: Hoare triple {27662#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet64#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27662#true} is VALID [2022-02-20 18:00:31,216 INFO L272 TraceCheckUtils]: 18: Hoare triple {27662#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {27724#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:31,216 INFO L290 TraceCheckUtils]: 19: Hoare triple {27724#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,216 INFO L290 TraceCheckUtils]: 20: Hoare triple {27662#true} assume !(1 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,216 INFO L290 TraceCheckUtils]: 21: Hoare triple {27662#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,216 INFO L290 TraceCheckUtils]: 22: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,216 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {27662#true} {27662#true} #962#return; {27662#true} is VALID [2022-02-20 18:00:31,216 INFO L290 TraceCheckUtils]: 24: Hoare triple {27662#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {27662#true} is VALID [2022-02-20 18:00:31,217 INFO L272 TraceCheckUtils]: 25: Hoare triple {27662#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {27725#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:31,217 INFO L290 TraceCheckUtils]: 26: Hoare triple {27725#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,217 INFO L290 TraceCheckUtils]: 27: Hoare triple {27662#true} assume !(1 == ~handle); {27662#true} is VALID 
[2022-02-20 18:00:31,217 INFO L290 TraceCheckUtils]: 28: Hoare triple {27662#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,217 INFO L290 TraceCheckUtils]: 29: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,218 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27662#true} {27662#true} #964#return; {27662#true} is VALID [2022-02-20 18:00:31,218 INFO L290 TraceCheckUtils]: 31: Hoare triple {27662#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet65#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27662#true} is VALID [2022-02-20 18:00:31,218 INFO L272 TraceCheckUtils]: 32: Hoare triple {27662#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {27724#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:31,219 INFO L290 TraceCheckUtils]: 33: Hoare triple {27724#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,219 INFO L290 TraceCheckUtils]: 34: Hoare triple {27662#true} assume !(1 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,219 INFO 
L290 TraceCheckUtils]: 35: Hoare triple {27662#true} assume !(2 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,219 INFO L290 TraceCheckUtils]: 36: Hoare triple {27662#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,219 INFO L290 TraceCheckUtils]: 37: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,219 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27662#true} {27662#true} #966#return; {27662#true} is VALID [2022-02-20 18:00:31,219 INFO L290 TraceCheckUtils]: 39: Hoare triple {27662#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {27662#true} is VALID [2022-02-20 18:00:31,220 INFO L272 TraceCheckUtils]: 40: Hoare triple {27662#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {27725#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:31,220 INFO L290 TraceCheckUtils]: 41: Hoare triple {27725#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,220 INFO L290 TraceCheckUtils]: 42: Hoare triple {27662#true} assume !(1 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,220 INFO L290 TraceCheckUtils]: 43: Hoare triple {27662#true} assume !(2 == ~handle); {27662#true} is VALID [2022-02-20 18:00:31,221 INFO L290 TraceCheckUtils]: 44: Hoare triple {27662#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,221 INFO L290 TraceCheckUtils]: 45: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,221 INFO L284 TraceCheckUtils]: 46: Hoare 
quadruple {27662#true} {27662#true} #968#return; {27662#true} is VALID [2022-02-20 18:00:31,221 INFO L290 TraceCheckUtils]: 47: Hoare triple {27662#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 21, 0;havoc setup_#t~nondet66#1; {27662#true} is VALID [2022-02-20 18:00:31,221 INFO L290 TraceCheckUtils]: 48: Hoare triple {27662#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:31,222 INFO L290 TraceCheckUtils]: 49: Hoare triple {27694#(= 
|ULTIMATE.start_test_~op2~0#1| 0)} assume !false; {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:31,222 INFO L290 TraceCheckUtils]: 50: Hoare triple {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:31,222 INFO L290 TraceCheckUtils]: 51: Hoare triple {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:31,223 INFO L290 TraceCheckUtils]: 52: Hoare triple {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:31,223 INFO L290 TraceCheckUtils]: 53: Hoare triple {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:00:31,223 INFO L290 TraceCheckUtils]: 54: Hoare triple {27694#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 == test_~op2~0#1); {27663#false} is VALID [2022-02-20 18:00:31,223 INFO L290 TraceCheckUtils]: 55: Hoare triple {27663#false} assume !(0 == test_~op3~0#1); {27663#false} is VALID [2022-02-20 18:00:31,224 INFO L290 TraceCheckUtils]: 56: Hoare triple {27663#false} assume !(0 == test_~op4~0#1); {27663#false} is VALID [2022-02-20 18:00:31,224 INFO L290 TraceCheckUtils]: 57: Hoare triple {27663#false} assume !(0 == test_~op5~0#1); {27663#false} is VALID [2022-02-20 18:00:31,224 INFO L290 TraceCheckUtils]: 58: Hoare triple {27663#false} assume !(0 == test_~op6~0#1); {27663#false} is VALID [2022-02-20 18:00:31,224 INFO L290 TraceCheckUtils]: 59: Hoare triple {27663#false} assume !(0 == test_~op7~0#1); {27663#false} is VALID [2022-02-20 18:00:31,224 INFO L290 TraceCheckUtils]: 60: 
Hoare triple {27663#false} assume !(0 == test_~op8~0#1); {27663#false} is VALID [2022-02-20 18:00:31,224 INFO L290 TraceCheckUtils]: 61: Hoare triple {27663#false} assume !(0 == test_~op9~0#1); {27663#false} is VALID [2022-02-20 18:00:31,224 INFO L290 TraceCheckUtils]: 62: Hoare triple {27663#false} assume !(0 == test_~op10~0#1); {27663#false} is VALID [2022-02-20 18:00:31,225 INFO L290 TraceCheckUtils]: 63: Hoare triple {27663#false} assume !(0 == test_~op11~0#1); {27663#false} is VALID [2022-02-20 18:00:31,225 INFO L290 TraceCheckUtils]: 64: Hoare triple {27663#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_#t~ret62#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~7#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~7#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret59#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret59#1 && bobToRjh_#t~ret59#1 <= 2147483647;havoc bobToRjh_#t~ret59#1; {27663#false} is VALID [2022-02-20 18:00:31,225 INFO L272 TraceCheckUtils]: 65: Hoare triple {27663#false} call sendEmail(~bob~0, ~rjh~0); {27663#false} is VALID [2022-02-20 18:00:31,225 INFO L290 TraceCheckUtils]: 66: Hoare triple {27663#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27663#false} is VALID [2022-02-20 18:00:31,225 INFO L272 TraceCheckUtils]: 67: Hoare triple {27663#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:31,225 INFO L290 TraceCheckUtils]: 68: Hoare triple {27726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,225 INFO L290 TraceCheckUtils]: 69: Hoare triple {27662#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,225 INFO L290 TraceCheckUtils]: 70: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,226 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {27662#true} {27663#false} #946#return; {27663#false} is VALID [2022-02-20 18:00:31,226 INFO L290 TraceCheckUtils]: 72: Hoare triple {27663#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {27663#false} is VALID [2022-02-20 18:00:31,226 INFO L290 TraceCheckUtils]: 73: Hoare triple {27663#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {27663#false} is VALID [2022-02-20 18:00:31,226 INFO L290 TraceCheckUtils]: 74: Hoare triple {27663#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {27663#false} is VALID [2022-02-20 18:00:31,226 INFO L290 TraceCheckUtils]: 75: Hoare triple {27663#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {27663#false} is VALID [2022-02-20 18:00:31,226 INFO L272 TraceCheckUtils]: 76: Hoare triple {27663#false} call outgoing(~sender#1, ~email~0#1); {27663#false} is VALID 
[2022-02-20 18:00:31,226 INFO L290 TraceCheckUtils]: 77: Hoare triple {27663#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~6#1; {27663#false} is VALID [2022-02-20 18:00:31,227 INFO L272 TraceCheckUtils]: 78: Hoare triple {27663#false} call sign_#t~ret18#1 := getClientPrivateKey(sign_~client#1); {27662#true} is VALID [2022-02-20 18:00:31,227 INFO L290 TraceCheckUtils]: 79: Hoare triple {27662#true} ~handle := #in~handle;havoc ~retValue_acc~28; {27662#true} is VALID [2022-02-20 18:00:31,227 INFO L290 TraceCheckUtils]: 80: Hoare triple {27662#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {27662#true} is VALID [2022-02-20 18:00:31,227 INFO L290 TraceCheckUtils]: 81: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,227 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {27662#true} {27663#false} #904#return; {27663#false} is VALID [2022-02-20 18:00:31,227 INFO L290 TraceCheckUtils]: 83: Hoare triple {27663#false} assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~1#1 := sign_~tmp~6#1; {27663#false} is VALID [2022-02-20 18:00:31,227 INFO L290 TraceCheckUtils]: 84: Hoare triple {27663#false} assume 0 == sign_~privkey~1#1; {27663#false} is VALID [2022-02-20 18:00:31,228 INFO L290 TraceCheckUtils]: 85: Hoare triple {27663#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1, outgoing__wrappee__Encrypt_#t~ret9#1, 
outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~2#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~2#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {27663#false} is VALID [2022-02-20 18:00:31,228 INFO L272 TraceCheckUtils]: 86: Hoare triple {27663#false} call outgoing__wrappee__Encrypt_#t~ret8#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {27662#true} is VALID [2022-02-20 18:00:31,228 INFO L290 TraceCheckUtils]: 87: Hoare triple {27662#true} ~handle := #in~handle;havoc ~retValue_acc~11; {27662#true} is VALID [2022-02-20 18:00:31,228 INFO L290 TraceCheckUtils]: 88: Hoare triple {27662#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {27662#true} is VALID [2022-02-20 18:00:31,228 INFO L290 TraceCheckUtils]: 89: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,228 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {27662#true} {27663#false} #906#return; {27663#false} is VALID [2022-02-20 18:00:31,228 INFO L290 TraceCheckUtils]: 91: Hoare triple {27663#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret8#1 && outgoing__wrappee__Encrypt_#t~ret8#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~2#1 := outgoing__wrappee__Encrypt_#t~ret8#1;havoc outgoing__wrappee__Encrypt_#t~ret8#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~2#1; {27663#false} is VALID [2022-02-20 18:00:31,229 INFO L272 TraceCheckUtils]: 92: Hoare triple {27663#false} call outgoing__wrappee__Encrypt_#t~ret9#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, 
outgoing__wrappee__Encrypt_~receiver~0#1); {27662#true} is VALID [2022-02-20 18:00:31,229 INFO L290 TraceCheckUtils]: 93: Hoare triple {27662#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~33; {27662#true} is VALID [2022-02-20 18:00:31,229 INFO L290 TraceCheckUtils]: 94: Hoare triple {27662#true} assume 1 == ~handle; {27662#true} is VALID [2022-02-20 18:00:31,229 INFO L290 TraceCheckUtils]: 95: Hoare triple {27662#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~33 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~33; {27662#true} is VALID [2022-02-20 18:00:31,229 INFO L290 TraceCheckUtils]: 96: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,229 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {27662#true} {27663#false} #908#return; {27663#false} is VALID [2022-02-20 18:00:31,229 INFO L290 TraceCheckUtils]: 98: Hoare triple {27663#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret9#1 && outgoing__wrappee__Encrypt_#t~ret9#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret9#1;havoc outgoing__wrappee__Encrypt_#t~ret9#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {27663#false} is VALID [2022-02-20 18:00:31,229 INFO L290 TraceCheckUtils]: 99: Hoare triple {27663#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {27663#false} is VALID [2022-02-20 18:00:31,230 INFO L290 TraceCheckUtils]: 100: Hoare triple {27663#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret7#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := 
outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~35#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~35#1; {27663#false} is VALID [2022-02-20 18:00:31,230 INFO L290 TraceCheckUtils]: 101: Hoare triple {27663#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~35#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~35#1; {27663#false} is VALID [2022-02-20 18:00:31,230 INFO L290 TraceCheckUtils]: 102: Hoare triple {27663#false} outgoing__wrappee__Keys_#t~ret7#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret7#1 && outgoing__wrappee__Keys_#t~ret7#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~1#1 := outgoing__wrappee__Keys_#t~ret7#1;havoc outgoing__wrappee__Keys_#t~ret7#1; {27663#false} is VALID [2022-02-20 18:00:31,230 INFO L272 TraceCheckUtils]: 103: Hoare triple {27663#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~1#1); {27726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:31,230 INFO L290 TraceCheckUtils]: 104: Hoare triple {27726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27662#true} is VALID [2022-02-20 18:00:31,230 INFO L290 TraceCheckUtils]: 105: Hoare triple {27662#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27662#true} is VALID [2022-02-20 18:00:31,230 INFO L290 TraceCheckUtils]: 106: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,231 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {27662#true} {27663#false} #914#return; 
{27663#false} is VALID [2022-02-20 18:00:31,231 INFO L290 TraceCheckUtils]: 108: Hoare triple {27663#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret5#1, mail_#t~ret6#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~0#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret80#1, __utac_acc__SignForward_spec__1_#t~ret81#1, __utac_acc__SignForward_spec__1_#t~ret82#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~19#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~19#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret80#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret80#1 && __utac_acc__SignForward_spec__1_#t~ret80#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret80#1; {27663#false} is VALID [2022-02-20 18:00:31,231 INFO L272 TraceCheckUtils]: 109: Hoare triple {27663#false} call __utac_acc__SignForward_spec__1_#t~ret81#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {27662#true} is VALID [2022-02-20 18:00:31,231 INFO L290 TraceCheckUtils]: 110: Hoare triple {27662#true} ~handle := #in~handle;havoc 
~retValue_acc~16; {27662#true} is VALID [2022-02-20 18:00:31,231 INFO L290 TraceCheckUtils]: 111: Hoare triple {27662#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~16; {27662#true} is VALID [2022-02-20 18:00:31,231 INFO L290 TraceCheckUtils]: 112: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,231 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {27662#true} {27663#false} #916#return; {27663#false} is VALID [2022-02-20 18:00:31,231 INFO L290 TraceCheckUtils]: 114: Hoare triple {27663#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret81#1 && __utac_acc__SignForward_spec__1_#t~ret81#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret81#1;havoc __utac_acc__SignForward_spec__1_#t~ret81#1; {27663#false} is VALID [2022-02-20 18:00:31,232 INFO L290 TraceCheckUtils]: 115: Hoare triple {27663#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {27663#false} is VALID [2022-02-20 18:00:31,232 INFO L272 TraceCheckUtils]: 116: Hoare triple {27663#false} call __utac_acc__SignForward_spec__1_#t~ret82#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {27662#true} is VALID [2022-02-20 18:00:31,232 INFO L290 TraceCheckUtils]: 117: Hoare triple {27662#true} ~handle := #in~handle;havoc ~retValue_acc~28; {27662#true} is VALID [2022-02-20 18:00:31,232 INFO L290 TraceCheckUtils]: 118: Hoare triple {27662#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~28; {27662#true} is VALID [2022-02-20 18:00:31,232 INFO L290 TraceCheckUtils]: 119: Hoare triple {27662#true} assume true; {27662#true} is VALID [2022-02-20 18:00:31,232 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {27662#true} {27663#false} #918#return; {27663#false} is VALID [2022-02-20 18:00:31,232 INFO L290 TraceCheckUtils]: 121: Hoare triple {27663#false} assume -2147483648 <= 
__utac_acc__SignForward_spec__1_#t~ret82#1 && __utac_acc__SignForward_spec__1_#t~ret82#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~19#1 := __utac_acc__SignForward_spec__1_#t~ret82#1;havoc __utac_acc__SignForward_spec__1_#t~ret82#1; {27663#false} is VALID [2022-02-20 18:00:31,233 INFO L290 TraceCheckUtils]: 122: Hoare triple {27663#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {27663#false} is VALID [2022-02-20 18:00:31,233 INFO L290 TraceCheckUtils]: 123: Hoare triple {27663#false} assume !false; {27663#false} is VALID [2022-02-20 18:00:31,233 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:00:31,233 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:31,233 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1129117692] [2022-02-20 18:00:31,233 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1129117692] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:31,234 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:31,234 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:00:31,234 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2132609383] [2022-02-20 18:00:31,234 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:31,235 INFO L78 Accepts]: Start accepts. 
Automaton has has 6 states, 6 states have (on average 13.333333333333334) internal successors, (80), 3 states have internal predecessors, (80), 2 states have call successors, (15), 5 states have call predecessors, (15), 1 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 124 [2022-02-20 18:00:31,235 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:31,235 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.333333333333334) internal successors, (80), 3 states have internal predecessors, (80), 2 states have call successors, (15), 5 states have call predecessors, (15), 1 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:00:31,325 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 108 edges. 108 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:31,325 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:00:31,325 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:31,326 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:00:31,326 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:00:31,326 INFO L87 Difference]: Start difference. First operand 677 states and 1103 transitions. Second operand has 6 states, 6 states have (on average 13.333333333333334) internal successors, (80), 3 states have internal predecessors, (80), 2 states have call successors, (15), 5 states have call predecessors, (15), 1 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13)