./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec4_product32.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec4_product32.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 5711b4c0ea669ac051f0ad97dbc3a1a473a1622b7d95c937325001ba5ca1073b --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 17:59:49,151 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:59:49,153 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:59:49,185 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 17:59:49,186 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:59:49,188 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:59:49,189 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:59:49,191 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:59:49,192 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:59:49,196 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:59:49,196 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:59:49,197 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:59:49,197 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:59:49,199 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:59:49,200 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:59:49,202 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:59:49,202 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:59:49,203 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:59:49,205 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:59:49,209 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:59:49,210 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:59:49,210 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:59:49,212 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:59:49,212 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:59:49,216 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:59:49,217 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:59:49,217 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:59:49,218 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:59:49,218 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:59:49,219 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:59:49,219 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:59:49,220 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:59:49,221 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:59:49,222 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:59:49,222 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:59:49,223 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:59:49,223 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:59:49,223 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 17:59:49,223 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:59:49,224 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:59:49,224 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:59:49,225 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:59:49,247 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:59:49,248 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:59:49,248 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:59:49,248 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:59:49,249 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:59:49,249 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:59:49,250 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:59:49,250 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:59:49,250 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:59:49,250 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:59:49,251 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:59:49,251 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:59:49,251 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:59:49,251 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:59:49,251 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:59:49,251 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:59:49,252 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:59:49,252 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:59:49,252 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:59:49,252 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:59:49,252 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:59:49,252 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:59:49,252 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:59:49,253 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:59:49,253 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:59:49,253 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:59:49,253 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:59:49,253 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:59:49,253 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:59:49,254 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:59:49,254 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:59:49,254 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:59:49,254 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 17:59:49,254 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 5711b4c0ea669ac051f0ad97dbc3a1a473a1622b7d95c937325001ba5ca1073b [2022-02-20 17:59:49,446 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:59:49,460 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:59:49,462 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:59:49,462 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:59:49,463 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:59:49,465 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec4_product32.cil.c [2022-02-20 17:59:49,524 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c44835ae8/4b833c2604de4eedbe3188c5d42603ce/FLAG4aed86591 [2022-02-20 17:59:49,950 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 17:59:49,950 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product32.cil.c [2022-02-20 17:59:49,961 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c44835ae8/4b833c2604de4eedbe3188c5d42603ce/FLAG4aed86591 [2022-02-20 17:59:49,975 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c44835ae8/4b833c2604de4eedbe3188c5d42603ce [2022-02-20 17:59:49,976 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:59:49,978 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:59:49,980 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:59:49,980 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:59:49,983 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:59:49,983 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:49" (1/1) ... [2022-02-20 17:59:49,984 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@12c4352f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:49, skipping insertion in model container [2022-02-20 17:59:49,984 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:49" (1/1) ... [2022-02-20 17:59:49,989 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:59:50,029 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:59:50,338 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product32.cil.c[32699,32712] [2022-02-20 17:59:50,474 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:59:50,486 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:59:50,546 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product32.cil.c[32699,32712] [2022-02-20 17:59:50,624 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:59:50,676 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:59:50,676 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50 WrapperNode [2022-02-20 17:59:50,677 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:59:50,677 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:59:50,678 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:59:50,678 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:59:50,682 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,714 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,778 INFO L137 Inliner]: procedures = 134, calls = 237, calls flagged for inlining = 61, calls inlined = 53, statements flattened = 987 [2022-02-20 17:59:50,778 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:59:50,779 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:59:50,779 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:59:50,779 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:59:50,784 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,785 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,803 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,803 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,825 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,832 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,835 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,840 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:59:50,841 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:59:50,841 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:59:50,841 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:59:50,867 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (1/1) ... [2022-02-20 17:59:50,872 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:59:50,880 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:50,889 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:59:50,890 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:59:50,913 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:59:50,913 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:59:50,913 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:59:50,913 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:59:50,914 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:59:50,914 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:59:50,914 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:59:50,914 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:59:50,914 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:59:50,914 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:59:50,915 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:59:50,915 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:59:50,915 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__AutoResponder [2022-02-20 17:59:50,915 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__AutoResponder [2022-02-20 17:59:50,915 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:59:50,915 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:59:50,915 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:59:50,915 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:59:50,915 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:59:50,916 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:59:50,916 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:59:50,916 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:59:50,916 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:59:50,916 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:59:50,916 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:59:50,917 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:59:50,917 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:59:50,917 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:59:50,917 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:59:50,917 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:59:50,917 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:59:50,917 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:59:50,917 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:59:50,918 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:59:50,918 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:59:50,918 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:59:50,918 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:59:50,918 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 17:59:50,918 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:59:50,918 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:59:50,919 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:59:50,919 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:59:50,919 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:59:50,919 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:59:50,919 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:59:50,919 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:59:50,919 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:59:50,920 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:59:50,920 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:59:50,920 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:59:50,920 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:59:50,920 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:59:50,921 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:59:50,921 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:59:50,921 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:59:50,922 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:59:50,922 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:59:50,923 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:59:50,923 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:59:50,923 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:59:50,923 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:59:51,147 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:59:51,149 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:59:51,852 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:59:51,861 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:59:51,861 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:59:51,863 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:51 BoogieIcfgContainer [2022-02-20 17:59:51,863 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:59:51,864 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:59:51,864 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:59:51,866 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:59:51,866 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:59:49" (1/3) ... [2022-02-20 17:59:51,867 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@616b8b41 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:51, skipping insertion in model container [2022-02-20 17:59:51,867 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:50" (2/3) ... [2022-02-20 17:59:51,867 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@616b8b41 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:51, skipping insertion in model container [2022-02-20 17:59:51,867 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:51" (3/3) ... [2022-02-20 17:59:51,868 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec4_product32.cil.c [2022-02-20 17:59:51,871 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:59:51,871 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:59:51,900 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:59:51,904 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:59:51,904 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:59:51,924 INFO L276 IsEmpty]: Start isEmpty. Operand has 425 states, 330 states have (on average 1.5515151515151515) internal successors, (512), 335 states have internal predecessors, (512), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:59:51,957 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 117 [2022-02-20 17:59:51,957 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:51,958 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:51,959 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:51,962 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:51,962 INFO L85 PathProgramCache]: Analyzing trace with hash -302497054, now seen corresponding path program 1 times [2022-02-20 17:59:51,968 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:51,969 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2068606447] [2022-02-20 17:59:51,969 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:51,969 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:52,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:52,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,177 INFO L290 TraceCheckUtils]: 0: Hoare triple {492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,177 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,178 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,178 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {428#true} #1279#return; {428#true} is VALID [2022-02-20 17:59:52,184 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:52,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,196 INFO L290 TraceCheckUtils]: 0: Hoare triple {493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,197 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,197 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,197 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {428#true} #1281#return; {428#true} is VALID [2022-02-20 17:59:52,198 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:52,227 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {494#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:52,245 INFO L290 TraceCheckUtils]: 1: Hoare triple {494#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {495#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:52,245 INFO L290 TraceCheckUtils]: 2: Hoare triple {495#(= |setClientId_#in~handle| 1)} assume true; {495#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:52,251 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {495#(= |setClientId_#in~handle| 1)} {438#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1283#return; {429#false} is VALID [2022-02-20 17:59:52,251 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:52,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,259 INFO L290 TraceCheckUtils]: 0: Hoare triple {493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,260 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,260 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1285#return; {429#false} is VALID [2022-02-20 17:59:52,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:52,263 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,266 INFO L290 TraceCheckUtils]: 0: Hoare triple {492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,266 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,266 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,266 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1287#return; {429#false} is VALID [2022-02-20 17:59:52,267 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:52,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,271 INFO L290 TraceCheckUtils]: 0: Hoare triple {493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,271 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,272 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1289#return; {429#false} is VALID [2022-02-20 17:59:52,278 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:59:52,279 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,282 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,282 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,282 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1221#return; {429#false} is VALID [2022-02-20 17:59:52,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:59:52,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {497#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,293 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,293 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1223#return; {429#false} is VALID [2022-02-20 17:59:52,293 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:59:52,294 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,297 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~11; {428#true} is VALID [2022-02-20 17:59:52,297 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {428#true} is VALID [2022-02-20 17:59:52,297 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,297 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1201#return; {429#false} is VALID [2022-02-20 17:59:52,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:59:52,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~5; {428#true} is VALID [2022-02-20 17:59:52,301 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {428#true} is VALID [2022-02-20 17:59:52,301 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,301 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1203#return; {429#false} is VALID [2022-02-20 17:59:52,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:59:52,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,305 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~36; {428#true} is VALID [2022-02-20 17:59:52,305 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {428#true} is VALID [2022-02-20 17:59:52,305 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,305 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1235#return; {429#false} is VALID [2022-02-20 17:59:52,305 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:59:52,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {428#true} is VALID [2022-02-20 17:59:52,309 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle; {428#true} is VALID [2022-02-20 17:59:52,309 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {428#true} is VALID [2022-02-20 17:59:52,309 INFO L290 TraceCheckUtils]: 3: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,309 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {428#true} {429#false} #1237#return; {429#false} is VALID [2022-02-20 17:59:52,310 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:59:52,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,313 INFO L290 TraceCheckUtils]: 0: Hoare triple {496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,313 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,313 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1243#return; {429#false} is VALID [2022-02-20 17:59:52,313 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:52,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,316 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~41; {428#true} is VALID [2022-02-20 17:59:52,316 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {428#true} is VALID [2022-02-20 17:59:52,317 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,317 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1245#return; {429#false} is VALID [2022-02-20 17:59:52,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:59:52,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~11; {428#true} is VALID [2022-02-20 17:59:52,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {428#true} is VALID [2022-02-20 17:59:52,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,321 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1247#return; {429#false} is VALID [2022-02-20 17:59:52,321 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {428#true} is VALID [2022-02-20 17:59:52,322 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {428#true} is VALID [2022-02-20 17:59:52,322 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {428#true} is VALID [2022-02-20 17:59:52,322 INFO L290 TraceCheckUtils]: 3: Hoare triple {428#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {428#true} is VALID [2022-02-20 17:59:52,322 INFO L290 TraceCheckUtils]: 4: Hoare triple {428#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {428#true} is VALID [2022-02-20 17:59:52,323 INFO L290 TraceCheckUtils]: 5: Hoare triple {428#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {428#true} is VALID [2022-02-20 17:59:52,323 INFO L272 TraceCheckUtils]: 6: Hoare triple {428#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:52,324 INFO L290 TraceCheckUtils]: 7: Hoare triple {492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,324 INFO L290 TraceCheckUtils]: 8: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,324 INFO L290 TraceCheckUtils]: 9: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,324 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {428#true} {428#true} #1279#return; {428#true} is VALID [2022-02-20 17:59:52,324 INFO L290 TraceCheckUtils]: 11: Hoare triple {428#true} assume { :end_inline_setup_bob__wrappee__Base } true; {428#true} is VALID [2022-02-20 17:59:52,325 INFO L272 TraceCheckUtils]: 12: Hoare triple {428#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:52,325 INFO L290 TraceCheckUtils]: 13: Hoare triple {493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,325 INFO L290 TraceCheckUtils]: 14: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,326 INFO L290 TraceCheckUtils]: 15: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,326 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {428#true} {428#true} #1281#return; {428#true} is VALID [2022-02-20 17:59:52,326 INFO L290 TraceCheckUtils]: 17: Hoare triple {428#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {438#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:52,327 INFO L272 TraceCheckUtils]: 18: Hoare triple {438#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:52,327 INFO L290 TraceCheckUtils]: 19: Hoare triple {492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {494#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:52,328 INFO L290 TraceCheckUtils]: 20: Hoare triple {494#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {495#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:52,328 INFO L290 TraceCheckUtils]: 21: Hoare triple {495#(= |setClientId_#in~handle| 1)} assume true; {495#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:52,329 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {495#(= |setClientId_#in~handle| 1)} {438#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1283#return; {429#false} is VALID [2022-02-20 17:59:52,329 INFO L290 TraceCheckUtils]: 23: Hoare triple {429#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {429#false} is VALID [2022-02-20 17:59:52,329 INFO L272 TraceCheckUtils]: 24: Hoare triple {429#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:52,329 INFO L290 TraceCheckUtils]: 25: Hoare triple {493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,330 INFO L290 TraceCheckUtils]: 26: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,330 INFO L290 TraceCheckUtils]: 27: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,330 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {428#true} {429#false} #1285#return; {429#false} is VALID [2022-02-20 17:59:52,330 INFO L290 TraceCheckUtils]: 29: Hoare triple {429#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {429#false} is VALID [2022-02-20 17:59:52,330 INFO L272 TraceCheckUtils]: 30: Hoare triple {429#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:52,331 INFO L290 TraceCheckUtils]: 31: Hoare triple {492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,331 INFO L290 TraceCheckUtils]: 32: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,331 INFO L290 TraceCheckUtils]: 33: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,331 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {428#true} {429#false} #1287#return; {429#false} is VALID [2022-02-20 17:59:52,331 INFO L290 TraceCheckUtils]: 35: Hoare triple {429#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {429#false} is VALID [2022-02-20 17:59:52,331 INFO L272 TraceCheckUtils]: 36: Hoare triple {429#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:52,332 INFO L290 TraceCheckUtils]: 37: Hoare triple {493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,332 INFO L290 TraceCheckUtils]: 38: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,332 INFO L290 TraceCheckUtils]: 39: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,332 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {428#true} {429#false} #1289#return; {429#false} is VALID [2022-02-20 17:59:52,332 INFO L290 TraceCheckUtils]: 41: Hoare triple {429#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {429#false} is VALID [2022-02-20 17:59:52,333 INFO L290 TraceCheckUtils]: 42: Hoare triple {429#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {429#false} is VALID [2022-02-20 17:59:52,333 INFO L290 TraceCheckUtils]: 43: Hoare triple {429#false} assume false; {429#false} is VALID [2022-02-20 17:59:52,333 INFO L290 TraceCheckUtils]: 44: Hoare triple {429#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {429#false} is VALID [2022-02-20 17:59:52,333 INFO L272 TraceCheckUtils]: 45: Hoare triple {429#false} call sendEmail(~bob~0, ~rjh~0); {429#false} is VALID [2022-02-20 17:59:52,334 INFO L290 TraceCheckUtils]: 46: Hoare triple {429#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {429#false} is VALID [2022-02-20 17:59:52,334 INFO L272 TraceCheckUtils]: 47: Hoare triple {429#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:52,334 INFO L290 TraceCheckUtils]: 48: Hoare triple {496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,334 INFO L290 TraceCheckUtils]: 49: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,334 INFO L290 TraceCheckUtils]: 50: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,335 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {428#true} {429#false} #1221#return; {429#false} is VALID [2022-02-20 17:59:52,335 INFO L272 TraceCheckUtils]: 52: Hoare triple {429#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {497#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 53: Hoare triple {497#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 54: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,335 INFO L290 TraceCheckUtils]: 55: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,336 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {428#true} {429#false} #1223#return; {429#false} is VALID [2022-02-20 17:59:52,336 INFO L290 TraceCheckUtils]: 57: Hoare triple {429#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {429#false} is VALID [2022-02-20 17:59:52,336 INFO L290 TraceCheckUtils]: 58: Hoare triple {429#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {429#false} is VALID [2022-02-20 17:59:52,336 INFO L272 TraceCheckUtils]: 59: Hoare triple {429#false} call outgoing(~sender#1, ~email~0#1); {429#false} is VALID [2022-02-20 17:59:52,336 INFO L290 TraceCheckUtils]: 60: Hoare triple {429#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {429#false} is VALID [2022-02-20 17:59:52,337 INFO L272 TraceCheckUtils]: 61: Hoare triple {429#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {428#true} is VALID [2022-02-20 17:59:52,337 INFO L290 TraceCheckUtils]: 62: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~11; {428#true} is VALID [2022-02-20 17:59:52,337 INFO L290 TraceCheckUtils]: 63: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {428#true} is VALID [2022-02-20 17:59:52,337 INFO L290 TraceCheckUtils]: 64: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,337 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {428#true} {429#false} #1201#return; {429#false} is VALID [2022-02-20 17:59:52,337 INFO L290 TraceCheckUtils]: 66: Hoare triple {429#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {429#false} is VALID [2022-02-20 17:59:52,338 INFO L290 TraceCheckUtils]: 67: Hoare triple {429#false} assume 0 == sign_~privkey~1#1; {429#false} is VALID [2022-02-20 17:59:52,338 INFO L290 TraceCheckUtils]: 68: Hoare triple {429#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {429#false} is VALID [2022-02-20 17:59:52,338 INFO L272 TraceCheckUtils]: 69: Hoare triple {429#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {428#true} is VALID [2022-02-20 17:59:52,338 INFO L290 TraceCheckUtils]: 70: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~5; {428#true} is VALID [2022-02-20 17:59:52,338 INFO L290 TraceCheckUtils]: 71: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {428#true} is VALID [2022-02-20 17:59:52,339 INFO L290 TraceCheckUtils]: 72: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,339 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {428#true} {429#false} #1203#return; {429#false} is VALID [2022-02-20 17:59:52,339 INFO L290 TraceCheckUtils]: 74: Hoare triple {429#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {429#false} is VALID [2022-02-20 17:59:52,339 INFO L290 TraceCheckUtils]: 75: Hoare triple {429#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {429#false} is VALID [2022-02-20 17:59:52,339 INFO L272 TraceCheckUtils]: 76: Hoare triple {429#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {429#false} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 77: Hoare triple {429#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {429#false} is VALID [2022-02-20 17:59:52,340 INFO L272 TraceCheckUtils]: 78: Hoare triple {429#false} call #t~ret50#1 := getEmailTo(~msg#1); {428#true} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 79: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~36; {428#true} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 80: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {428#true} is VALID [2022-02-20 17:59:52,340 INFO L290 TraceCheckUtils]: 81: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,340 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {428#true} {429#false} #1235#return; {429#false} is VALID [2022-02-20 17:59:52,341 INFO L290 TraceCheckUtils]: 83: Hoare triple {429#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {429#false} is VALID [2022-02-20 17:59:52,341 INFO L272 TraceCheckUtils]: 84: Hoare triple {429#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {428#true} is VALID [2022-02-20 17:59:52,341 INFO L290 TraceCheckUtils]: 85: Hoare triple {428#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {428#true} is VALID [2022-02-20 17:59:52,341 INFO L290 TraceCheckUtils]: 86: Hoare triple {428#true} assume 1 == ~handle; {428#true} is VALID [2022-02-20 17:59:52,341 INFO L290 TraceCheckUtils]: 87: Hoare triple {428#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {428#true} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 88: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,342 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {428#true} {429#false} #1237#return; {429#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 90: Hoare triple {429#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {429#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 91: Hoare triple {429#false} assume !(0 != ~pubkey~0#1); {429#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 92: Hoare triple {429#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {429#false} is VALID [2022-02-20 17:59:52,342 INFO L290 TraceCheckUtils]: 93: Hoare triple {429#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {429#false} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 94: Hoare triple {429#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {429#false} is VALID [2022-02-20 17:59:52,343 INFO L272 TraceCheckUtils]: 95: Hoare triple {429#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 96: Hoare triple {496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 97: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,343 INFO L290 TraceCheckUtils]: 98: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,344 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {428#true} {429#false} #1243#return; {429#false} is VALID [2022-02-20 17:59:52,344 INFO L290 TraceCheckUtils]: 100: Hoare triple {429#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {429#false} is VALID [2022-02-20 17:59:52,344 INFO L272 TraceCheckUtils]: 101: Hoare triple {429#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {428#true} is VALID [2022-02-20 17:59:52,344 INFO L290 TraceCheckUtils]: 102: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~41; {428#true} is VALID [2022-02-20 17:59:52,344 INFO L290 TraceCheckUtils]: 103: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {428#true} is VALID [2022-02-20 17:59:52,345 INFO L290 TraceCheckUtils]: 104: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,345 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {428#true} {429#false} #1245#return; {429#false} is VALID [2022-02-20 17:59:52,345 INFO L290 TraceCheckUtils]: 106: Hoare triple {429#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {429#false} is VALID [2022-02-20 17:59:52,345 INFO L290 TraceCheckUtils]: 107: Hoare triple {429#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {429#false} is VALID [2022-02-20 17:59:52,345 INFO L272 TraceCheckUtils]: 108: Hoare triple {429#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {428#true} is VALID [2022-02-20 17:59:52,345 INFO L290 TraceCheckUtils]: 109: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~11; {428#true} is VALID [2022-02-20 17:59:52,346 INFO L290 TraceCheckUtils]: 110: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {428#true} is VALID [2022-02-20 17:59:52,346 INFO L290 TraceCheckUtils]: 111: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,346 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {428#true} {429#false} #1247#return; {429#false} is VALID [2022-02-20 17:59:52,346 INFO L290 TraceCheckUtils]: 113: Hoare triple {429#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {429#false} is VALID [2022-02-20 17:59:52,346 INFO L290 TraceCheckUtils]: 114: Hoare triple {429#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {429#false} is VALID [2022-02-20 17:59:52,347 INFO L290 TraceCheckUtils]: 115: Hoare triple {429#false} assume !false; {429#false} is VALID [2022-02-20 17:59:52,347 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 17:59:52,348 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:52,348 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2068606447] [2022-02-20 17:59:52,349 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2068606447] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:52,349 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2128607239] [2022-02-20 17:59:52,349 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:52,349 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:52,349 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:52,351 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:52,352 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:59:52,622 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,627 INFO L263 TraceCheckSpWp]: Trace formula consists of 1152 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:59:52,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:52,736 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:52,940 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {428#true} is VALID [2022-02-20 17:59:52,941 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {428#true} is VALID [2022-02-20 17:59:52,941 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {428#true} is VALID [2022-02-20 17:59:52,941 INFO L290 TraceCheckUtils]: 3: Hoare triple {428#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {428#true} is VALID [2022-02-20 17:59:52,941 INFO L290 TraceCheckUtils]: 4: Hoare triple {428#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {428#true} is VALID [2022-02-20 17:59:52,942 INFO L290 TraceCheckUtils]: 5: Hoare triple {428#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {428#true} is VALID [2022-02-20 17:59:52,942 INFO L272 TraceCheckUtils]: 6: Hoare triple {428#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {428#true} is VALID [2022-02-20 17:59:52,942 INFO L290 TraceCheckUtils]: 7: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,942 INFO L290 TraceCheckUtils]: 8: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,942 INFO L290 TraceCheckUtils]: 9: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,942 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {428#true} {428#true} #1279#return; {428#true} is VALID [2022-02-20 17:59:52,943 INFO L290 TraceCheckUtils]: 11: Hoare triple {428#true} assume { :end_inline_setup_bob__wrappee__Base } true; {428#true} is VALID [2022-02-20 17:59:52,943 INFO L272 TraceCheckUtils]: 12: Hoare triple {428#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {428#true} is VALID [2022-02-20 17:59:52,943 INFO L290 TraceCheckUtils]: 13: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,943 INFO L290 TraceCheckUtils]: 14: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,943 INFO L290 TraceCheckUtils]: 15: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,944 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {428#true} {428#true} #1281#return; {428#true} is VALID [2022-02-20 17:59:52,944 INFO L290 TraceCheckUtils]: 17: Hoare triple {428#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {428#true} is VALID [2022-02-20 17:59:52,944 INFO L272 TraceCheckUtils]: 18: Hoare triple {428#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {428#true} is VALID [2022-02-20 17:59:52,944 INFO L290 TraceCheckUtils]: 19: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,944 INFO L290 TraceCheckUtils]: 20: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,944 INFO L290 TraceCheckUtils]: 21: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,945 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {428#true} {428#true} #1283#return; {428#true} is VALID [2022-02-20 17:59:52,945 INFO L290 TraceCheckUtils]: 23: Hoare triple {428#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {428#true} is VALID [2022-02-20 17:59:52,945 INFO L272 TraceCheckUtils]: 24: Hoare triple {428#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {428#true} is VALID [2022-02-20 17:59:52,945 INFO L290 TraceCheckUtils]: 25: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,945 INFO L290 TraceCheckUtils]: 26: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,945 INFO L290 TraceCheckUtils]: 27: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,946 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {428#true} {428#true} #1285#return; {428#true} is VALID [2022-02-20 17:59:52,946 INFO L290 TraceCheckUtils]: 29: Hoare triple {428#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {428#true} is VALID [2022-02-20 17:59:52,946 INFO L272 TraceCheckUtils]: 30: Hoare triple {428#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {428#true} is VALID [2022-02-20 17:59:52,946 INFO L290 TraceCheckUtils]: 31: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,946 INFO L290 TraceCheckUtils]: 32: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,947 INFO L290 TraceCheckUtils]: 33: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,947 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {428#true} {428#true} #1287#return; {428#true} is VALID [2022-02-20 17:59:52,947 INFO L290 TraceCheckUtils]: 35: Hoare triple {428#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {428#true} is VALID [2022-02-20 17:59:52,947 INFO L272 TraceCheckUtils]: 36: Hoare triple {428#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {428#true} is VALID [2022-02-20 17:59:52,947 INFO L290 TraceCheckUtils]: 37: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:59:52,947 INFO L290 TraceCheckUtils]: 38: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:59:52,948 INFO L290 TraceCheckUtils]: 39: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:59:52,948 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {428#true} {428#true} #1289#return; {428#true} is VALID [2022-02-20 17:59:52,948 INFO L290 TraceCheckUtils]: 41: Hoare triple {428#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {428#true} is VALID [2022-02-20 17:59:52,948 INFO L290 TraceCheckUtils]: 42: Hoare triple {428#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {428#true} is VALID [2022-02-20 17:59:52,949 INFO L290 TraceCheckUtils]: 43: Hoare triple {428#true} assume false; {429#false} is VALID [2022-02-20 17:59:52,949 INFO L290 TraceCheckUtils]: 44: Hoare triple {429#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {429#false} is VALID [2022-02-20 17:59:52,949 INFO L272 TraceCheckUtils]: 45: Hoare triple {429#false} call sendEmail(~bob~0, ~rjh~0); {429#false} is VALID [2022-02-20 17:59:52,949 INFO L290 TraceCheckUtils]: 46: Hoare triple {429#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {429#false} is VALID [2022-02-20 17:59:52,949 INFO L272 TraceCheckUtils]: 47: Hoare triple {429#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {429#false} is VALID [2022-02-20 17:59:52,950 INFO L290 TraceCheckUtils]: 48: Hoare triple {429#false} ~handle := #in~handle;~value := #in~value; {429#false} is VALID [2022-02-20 17:59:52,950 INFO L290 TraceCheckUtils]: 49: Hoare triple {429#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {429#false} is VALID [2022-02-20 17:59:52,950 INFO L290 TraceCheckUtils]: 50: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:59:52,950 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {429#false} {429#false} #1221#return; {429#false} is VALID [2022-02-20 17:59:52,950 INFO L272 TraceCheckUtils]: 52: Hoare triple {429#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {429#false} is VALID [2022-02-20 17:59:52,950 INFO L290 TraceCheckUtils]: 53: Hoare triple {429#false} ~handle := #in~handle;~value := #in~value; {429#false} is VALID [2022-02-20 17:59:52,951 INFO L290 TraceCheckUtils]: 54: Hoare triple {429#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {429#false} is VALID [2022-02-20 17:59:52,951 INFO L290 TraceCheckUtils]: 55: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:59:52,951 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {429#false} {429#false} #1223#return; {429#false} is VALID [2022-02-20 17:59:52,951 INFO L290 TraceCheckUtils]: 57: Hoare triple {429#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {429#false} is VALID [2022-02-20 17:59:52,951 INFO L290 TraceCheckUtils]: 58: Hoare triple {429#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {429#false} is VALID [2022-02-20 17:59:52,951 INFO L272 TraceCheckUtils]: 59: Hoare triple {429#false} call outgoing(~sender#1, ~email~0#1); {429#false} is VALID [2022-02-20 17:59:52,952 INFO L290 TraceCheckUtils]: 60: Hoare triple {429#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {429#false} is VALID [2022-02-20 17:59:52,952 INFO L272 TraceCheckUtils]: 61: Hoare triple {429#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {429#false} is VALID [2022-02-20 17:59:52,952 INFO L290 TraceCheckUtils]: 62: Hoare triple {429#false} ~handle := #in~handle;havoc ~retValue_acc~11; {429#false} is VALID [2022-02-20 17:59:52,952 INFO L290 TraceCheckUtils]: 63: Hoare triple {429#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {429#false} is VALID [2022-02-20 17:59:52,952 INFO L290 TraceCheckUtils]: 64: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:59:52,953 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {429#false} {429#false} #1201#return; {429#false} is VALID [2022-02-20 17:59:52,953 INFO L290 TraceCheckUtils]: 66: Hoare triple {429#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {429#false} is VALID [2022-02-20 17:59:52,953 INFO L290 TraceCheckUtils]: 67: Hoare triple {429#false} assume 0 == sign_~privkey~1#1; {429#false} is VALID [2022-02-20 17:59:52,953 INFO L290 TraceCheckUtils]: 68: Hoare triple {429#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {429#false} is VALID [2022-02-20 17:59:52,953 INFO L272 TraceCheckUtils]: 69: Hoare triple {429#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {429#false} is VALID [2022-02-20 17:59:52,954 INFO L290 TraceCheckUtils]: 70: Hoare triple {429#false} ~handle := #in~handle;havoc ~retValue_acc~5; {429#false} is VALID [2022-02-20 17:59:52,954 INFO L290 TraceCheckUtils]: 71: Hoare triple {429#false} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {429#false} is VALID [2022-02-20 17:59:52,954 INFO L290 TraceCheckUtils]: 72: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:59:52,954 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {429#false} {429#false} #1203#return; {429#false} is VALID [2022-02-20 17:59:52,954 INFO L290 TraceCheckUtils]: 74: Hoare triple {429#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {429#false} is VALID [2022-02-20 17:59:52,954 INFO L290 TraceCheckUtils]: 75: Hoare triple {429#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {429#false} is VALID [2022-02-20 17:59:52,955 INFO L272 TraceCheckUtils]: 76: Hoare triple {429#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {429#false} is VALID [2022-02-20 17:59:52,955 INFO L290 TraceCheckUtils]: 77: Hoare triple {429#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {429#false} is VALID [2022-02-20 17:59:52,955 INFO L272 TraceCheckUtils]: 78: Hoare triple {429#false} call #t~ret50#1 := getEmailTo(~msg#1); {429#false} is VALID [2022-02-20 17:59:52,955 INFO L290 TraceCheckUtils]: 79: Hoare triple {429#false} ~handle := #in~handle;havoc ~retValue_acc~36; {429#false} is VALID [2022-02-20 17:59:52,955 INFO L290 TraceCheckUtils]: 80: Hoare triple {429#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {429#false} is VALID [2022-02-20 17:59:52,956 INFO L290 TraceCheckUtils]: 81: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:59:52,956 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {429#false} {429#false} #1235#return; {429#false} is VALID [2022-02-20 17:59:52,956 INFO L290 TraceCheckUtils]: 83: Hoare triple {429#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {429#false} is VALID [2022-02-20 17:59:52,956 INFO L272 TraceCheckUtils]: 84: Hoare triple {429#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {429#false} is VALID [2022-02-20 17:59:52,956 INFO L290 TraceCheckUtils]: 85: Hoare triple {429#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {429#false} is VALID [2022-02-20 17:59:52,956 INFO L290 TraceCheckUtils]: 86: Hoare triple {429#false} assume 1 == ~handle; {429#false} is VALID [2022-02-20 17:59:52,957 INFO L290 TraceCheckUtils]: 87: Hoare triple {429#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {429#false} is VALID [2022-02-20 17:59:52,957 INFO L290 TraceCheckUtils]: 88: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:59:52,957 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {429#false} {429#false} #1237#return; {429#false} is VALID [2022-02-20 17:59:52,957 INFO L290 TraceCheckUtils]: 90: Hoare triple {429#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {429#false} is VALID [2022-02-20 17:59:52,957 INFO L290 TraceCheckUtils]: 91: Hoare triple {429#false} assume !(0 != ~pubkey~0#1); {429#false} is VALID [2022-02-20 17:59:52,958 INFO L290 TraceCheckUtils]: 92: Hoare triple {429#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {429#false} is VALID [2022-02-20 17:59:52,958 INFO L290 TraceCheckUtils]: 93: Hoare triple {429#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {429#false} is VALID [2022-02-20 17:59:52,958 INFO L290 TraceCheckUtils]: 94: Hoare triple {429#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {429#false} is VALID [2022-02-20 17:59:52,959 INFO L272 TraceCheckUtils]: 95: Hoare triple {429#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {429#false} is VALID [2022-02-20 17:59:52,959 INFO L290 TraceCheckUtils]: 96: Hoare triple {429#false} ~handle := #in~handle;~value := #in~value; {429#false} is VALID [2022-02-20 17:59:52,959 INFO L290 TraceCheckUtils]: 97: Hoare triple {429#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {429#false} is VALID [2022-02-20 17:59:52,959 INFO L290 TraceCheckUtils]: 98: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:59:52,959 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {429#false} {429#false} #1243#return; {429#false} is VALID [2022-02-20 17:59:52,959 INFO L290 TraceCheckUtils]: 100: Hoare triple {429#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {429#false} is VALID [2022-02-20 17:59:52,960 INFO L272 TraceCheckUtils]: 101: Hoare triple {429#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {429#false} is VALID [2022-02-20 17:59:52,960 INFO L290 TraceCheckUtils]: 102: Hoare triple {429#false} ~handle := #in~handle;havoc ~retValue_acc~41; {429#false} is VALID [2022-02-20 17:59:52,960 INFO L290 TraceCheckUtils]: 103: Hoare triple {429#false} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {429#false} is VALID [2022-02-20 17:59:52,960 INFO L290 TraceCheckUtils]: 104: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:59:52,960 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {429#false} {429#false} #1245#return; {429#false} is VALID [2022-02-20 17:59:52,961 INFO L290 TraceCheckUtils]: 106: Hoare triple {429#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {429#false} is VALID [2022-02-20 17:59:52,961 INFO L290 TraceCheckUtils]: 107: Hoare triple {429#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {429#false} is VALID [2022-02-20 17:59:52,961 INFO L272 TraceCheckUtils]: 108: Hoare triple {429#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {429#false} is VALID [2022-02-20 17:59:52,961 INFO L290 TraceCheckUtils]: 109: Hoare triple {429#false} ~handle := #in~handle;havoc ~retValue_acc~11; {429#false} is VALID [2022-02-20 17:59:52,961 INFO L290 TraceCheckUtils]: 110: Hoare triple {429#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {429#false} is VALID [2022-02-20 17:59:52,961 INFO L290 TraceCheckUtils]: 111: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:59:52,962 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {429#false} {429#false} #1247#return; {429#false} is VALID [2022-02-20 17:59:52,962 INFO L290 TraceCheckUtils]: 113: Hoare triple {429#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {429#false} is VALID [2022-02-20 17:59:52,962 INFO L290 TraceCheckUtils]: 114: Hoare triple {429#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {429#false} is VALID [2022-02-20 17:59:52,962 INFO L290 TraceCheckUtils]: 115: Hoare triple {429#false} assume !false; {429#false} is VALID [2022-02-20 17:59:52,963 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:52,975 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:52,976 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2128607239] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:52,976 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:52,976 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:59:52,978 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [322149023] [2022-02-20 17:59:52,978 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:52,982 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) Word has length 116 [2022-02-20 17:59:52,983 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:53,000 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:53,058 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 98 edges. 98 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:53,058 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:59:53,059 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:53,077 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:59:53,078 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:53,086 INFO L87 Difference]: Start difference. First operand has 425 states, 330 states have (on average 1.5515151515151515) internal successors, (512), 335 states have internal predecessors, (512), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:53,514 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:53,515 INFO L93 Difference]: Finished difference Result 657 states and 974 transitions. [2022-02-20 17:59:53,515 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:59:53,515 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) Word has length 116 [2022-02-20 17:59:53,516 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:53,517 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:53,534 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 974 transitions. [2022-02-20 17:59:53,535 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:53,546 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 974 transitions. [2022-02-20 17:59:53,546 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 974 transitions. [2022-02-20 17:59:54,242 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 974 edges. 974 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:54,270 INFO L225 Difference]: With dead ends: 657 [2022-02-20 17:59:54,271 INFO L226 Difference]: Without dead ends: 418 [2022-02-20 17:59:54,275 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 149 GetRequests, 142 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:54,277 INFO L933 BasicCegarLoop]: 638 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 638 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:54,278 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 638 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:54,291 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 418 states. [2022-02-20 17:59:54,342 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 418 to 418. [2022-02-20 17:59:54,343 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:54,350 INFO L82 GeneralOperation]: Start isEquivalent. First operand 418 states. Second operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:59:54,352 INFO L74 IsIncluded]: Start isIncluded. First operand 418 states. Second operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:59:54,355 INFO L87 Difference]: Start difference. First operand 418 states. Second operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:59:54,380 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:54,380 INFO L93 Difference]: Finished difference Result 418 states and 630 transitions. [2022-02-20 17:59:54,380 INFO L276 IsEmpty]: Start isEmpty. Operand 418 states and 630 transitions. [2022-02-20 17:59:54,385 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:54,385 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:54,387 INFO L74 IsIncluded]: Start isIncluded. First operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) Second operand 418 states. [2022-02-20 17:59:54,388 INFO L87 Difference]: Start difference. First operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) Second operand 418 states. [2022-02-20 17:59:54,410 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:54,410 INFO L93 Difference]: Finished difference Result 418 states and 630 transitions. [2022-02-20 17:59:54,410 INFO L276 IsEmpty]: Start isEmpty. Operand 418 states and 630 transitions. [2022-02-20 17:59:54,412 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:54,412 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:54,412 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:54,412 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:54,414 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:59:54,436 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 418 states to 418 states and 630 transitions. [2022-02-20 17:59:54,438 INFO L78 Accepts]: Start accepts. Automaton has 418 states and 630 transitions. Word has length 116 [2022-02-20 17:59:54,439 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:54,440 INFO L470 AbstractCegarLoop]: Abstraction has 418 states and 630 transitions. [2022-02-20 17:59:54,440 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:54,440 INFO L276 IsEmpty]: Start isEmpty. Operand 418 states and 630 transitions. [2022-02-20 17:59:54,446 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 118 [2022-02-20 17:59:54,446 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:54,446 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:54,467 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:54,659 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:59:54,659 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:54,660 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:54,660 INFO L85 PathProgramCache]: Analyzing trace with hash -825151926, now seen corresponding path program 1 times [2022-02-20 17:59:54,660 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:54,660 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1576813677] [2022-02-20 17:59:54,660 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:54,660 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:54,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,753 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:54,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {3213#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,758 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,758 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3149#true} #1279#return; {3149#true} is VALID [2022-02-20 17:59:54,763 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:54,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {3214#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,767 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3149#true} #1281#return; {3149#true} is VALID [2022-02-20 17:59:54,767 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:54,769 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,781 INFO L290 TraceCheckUtils]: 0: Hoare triple {3213#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3215#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:54,781 INFO L290 TraceCheckUtils]: 1: Hoare triple {3215#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3216#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:54,781 INFO L290 TraceCheckUtils]: 2: Hoare triple {3216#(= |setClientId_#in~handle| 1)} assume true; {3216#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:54,782 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3216#(= |setClientId_#in~handle| 1)} {3159#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1283#return; {3150#false} is VALID [2022-02-20 17:59:54,782 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:54,784 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,786 INFO L290 TraceCheckUtils]: 0: Hoare triple {3214#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,786 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,787 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,787 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1285#return; {3150#false} is VALID [2022-02-20 17:59:54,787 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:54,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {3213#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,792 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,792 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,792 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1287#return; {3150#false} is VALID [2022-02-20 17:59:54,792 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:54,794 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,796 INFO L290 TraceCheckUtils]: 0: Hoare triple {3214#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,796 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,797 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1289#return; {3150#false} is VALID [2022-02-20 17:59:54,820 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:59:54,821 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,827 INFO L290 TraceCheckUtils]: 0: Hoare triple {3217#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,827 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,827 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,827 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1221#return; {3150#false} is VALID [2022-02-20 17:59:54,840 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:59:54,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,843 INFO L290 TraceCheckUtils]: 0: Hoare triple {3218#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,843 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,843 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,843 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1223#return; {3150#false} is VALID [2022-02-20 17:59:54,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:59:54,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~11; {3149#true} is VALID [2022-02-20 17:59:54,847 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {3149#true} is VALID [2022-02-20 17:59:54,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,847 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1201#return; {3150#false} is VALID [2022-02-20 17:59:54,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:59:54,849 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,850 INFO L290 TraceCheckUtils]: 0: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~5; {3149#true} is VALID [2022-02-20 17:59:54,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {3149#true} is VALID [2022-02-20 17:59:54,851 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,851 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1203#return; {3150#false} is VALID [2022-02-20 17:59:54,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:59:54,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,854 INFO L290 TraceCheckUtils]: 0: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~36; {3149#true} is VALID [2022-02-20 17:59:54,854 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {3149#true} is VALID [2022-02-20 17:59:54,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,855 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1235#return; {3150#false} is VALID [2022-02-20 17:59:54,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:59:54,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,858 INFO L290 TraceCheckUtils]: 0: Hoare triple {3149#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {3149#true} is VALID [2022-02-20 17:59:54,858 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle; {3149#true} is VALID [2022-02-20 17:59:54,858 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {3149#true} is VALID [2022-02-20 17:59:54,858 INFO L290 TraceCheckUtils]: 3: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,859 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3149#true} {3150#false} #1237#return; {3150#false} is VALID [2022-02-20 17:59:54,859 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:59:54,860 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {3217#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,862 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,862 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,862 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1243#return; {3150#false} is VALID [2022-02-20 17:59:54,862 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:59:54,863 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,865 INFO L290 TraceCheckUtils]: 0: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~41; {3149#true} is VALID [2022-02-20 17:59:54,866 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {3149#true} is VALID [2022-02-20 17:59:54,866 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,866 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1245#return; {3150#false} is VALID [2022-02-20 17:59:54,866 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:59:54,867 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:54,869 INFO L290 TraceCheckUtils]: 0: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~11; {3149#true} is VALID [2022-02-20 17:59:54,869 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {3149#true} is VALID [2022-02-20 17:59:54,869 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,870 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3149#true} {3150#false} #1247#return; {3150#false} is VALID [2022-02-20 17:59:54,870 INFO L290 TraceCheckUtils]: 0: Hoare triple {3149#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {3149#true} is VALID [2022-02-20 17:59:54,870 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {3149#true} is VALID [2022-02-20 17:59:54,870 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3149#true} is VALID [2022-02-20 17:59:54,870 INFO L290 TraceCheckUtils]: 3: Hoare triple {3149#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {3149#true} is VALID [2022-02-20 17:59:54,870 INFO L290 TraceCheckUtils]: 4: Hoare triple {3149#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {3149#true} is VALID [2022-02-20 17:59:54,871 INFO L290 TraceCheckUtils]: 5: Hoare triple {3149#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3149#true} is VALID [2022-02-20 17:59:54,871 INFO L272 TraceCheckUtils]: 6: Hoare triple {3149#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3213#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:54,872 INFO L290 TraceCheckUtils]: 7: Hoare triple {3213#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,872 INFO L290 TraceCheckUtils]: 8: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,872 INFO L290 TraceCheckUtils]: 9: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,872 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3149#true} {3149#true} #1279#return; {3149#true} is VALID [2022-02-20 17:59:54,872 INFO L290 TraceCheckUtils]: 11: Hoare triple {3149#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3149#true} is VALID [2022-02-20 17:59:54,873 INFO L272 TraceCheckUtils]: 12: Hoare triple {3149#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3214#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:54,873 INFO L290 TraceCheckUtils]: 13: Hoare triple {3214#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,873 INFO L290 TraceCheckUtils]: 14: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,873 INFO L290 TraceCheckUtils]: 15: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,873 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3149#true} {3149#true} #1281#return; {3149#true} is VALID [2022-02-20 17:59:54,874 INFO L290 TraceCheckUtils]: 17: Hoare triple {3149#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3159#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:54,875 INFO L272 TraceCheckUtils]: 18: Hoare triple {3159#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3213#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:54,875 INFO L290 TraceCheckUtils]: 19: Hoare triple {3213#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3215#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:54,875 INFO L290 TraceCheckUtils]: 20: Hoare triple {3215#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3216#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:54,876 INFO L290 TraceCheckUtils]: 21: Hoare triple {3216#(= |setClientId_#in~handle| 1)} assume true; {3216#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:54,876 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3216#(= |setClientId_#in~handle| 1)} {3159#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1283#return; {3150#false} is VALID [2022-02-20 17:59:54,876 INFO L290 TraceCheckUtils]: 23: Hoare triple {3150#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3150#false} is VALID [2022-02-20 17:59:54,876 INFO L272 TraceCheckUtils]: 24: Hoare triple {3150#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3214#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:54,877 INFO L290 TraceCheckUtils]: 25: Hoare triple {3214#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,877 INFO L290 TraceCheckUtils]: 26: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,877 INFO L290 TraceCheckUtils]: 27: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,877 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3149#true} {3150#false} #1285#return; {3150#false} is VALID [2022-02-20 17:59:54,877 INFO L290 TraceCheckUtils]: 29: Hoare triple {3150#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3150#false} is VALID [2022-02-20 17:59:54,877 INFO L272 TraceCheckUtils]: 30: Hoare triple {3150#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3213#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:54,878 INFO L290 TraceCheckUtils]: 31: Hoare triple {3213#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,878 INFO L290 TraceCheckUtils]: 32: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,878 INFO L290 TraceCheckUtils]: 33: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,878 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3149#true} {3150#false} #1287#return; {3150#false} is VALID [2022-02-20 17:59:54,878 INFO L290 TraceCheckUtils]: 35: Hoare triple {3150#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3150#false} is VALID [2022-02-20 17:59:54,878 INFO L272 TraceCheckUtils]: 36: Hoare triple {3150#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3214#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:54,878 INFO L290 TraceCheckUtils]: 37: Hoare triple {3214#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,879 INFO L290 TraceCheckUtils]: 38: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,879 INFO L290 TraceCheckUtils]: 39: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,879 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3149#true} {3150#false} #1289#return; {3150#false} is VALID [2022-02-20 17:59:54,879 INFO L290 TraceCheckUtils]: 41: Hoare triple {3150#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {3150#false} is VALID [2022-02-20 17:59:54,879 INFO L290 TraceCheckUtils]: 42: Hoare triple {3150#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3150#false} is VALID [2022-02-20 17:59:54,879 INFO L290 TraceCheckUtils]: 43: Hoare triple {3150#false} assume !false; {3150#false} is VALID [2022-02-20 17:59:54,880 INFO L290 TraceCheckUtils]: 44: Hoare triple {3150#false} assume !(test_~splverifierCounter~0#1 < 4); {3150#false} is VALID [2022-02-20 17:59:54,880 INFO L290 TraceCheckUtils]: 45: Hoare triple {3150#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {3150#false} is VALID [2022-02-20 17:59:54,880 INFO L272 TraceCheckUtils]: 46: Hoare triple {3150#false} call sendEmail(~bob~0, ~rjh~0); {3150#false} is VALID [2022-02-20 17:59:54,880 INFO L290 TraceCheckUtils]: 47: Hoare triple {3150#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3150#false} is VALID [2022-02-20 17:59:54,880 INFO L272 TraceCheckUtils]: 48: Hoare triple {3150#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3217#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:54,880 INFO L290 TraceCheckUtils]: 49: Hoare triple {3217#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,880 INFO L290 TraceCheckUtils]: 50: Hoare triple {3149#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,881 INFO L290 TraceCheckUtils]: 51: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,881 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3149#true} {3150#false} #1221#return; {3150#false} is VALID [2022-02-20 17:59:54,881 INFO L272 TraceCheckUtils]: 53: Hoare triple {3150#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3218#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:54,881 INFO L290 TraceCheckUtils]: 54: Hoare triple {3218#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,881 INFO L290 TraceCheckUtils]: 55: Hoare triple {3149#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,881 INFO L290 TraceCheckUtils]: 56: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,882 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3149#true} {3150#false} #1223#return; {3150#false} is VALID [2022-02-20 17:59:54,882 INFO L290 TraceCheckUtils]: 58: Hoare triple {3150#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {3150#false} is VALID [2022-02-20 17:59:54,882 INFO L290 TraceCheckUtils]: 59: Hoare triple {3150#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {3150#false} is VALID [2022-02-20 17:59:54,882 INFO L272 TraceCheckUtils]: 60: Hoare triple {3150#false} call outgoing(~sender#1, ~email~0#1); {3150#false} is VALID [2022-02-20 17:59:54,882 INFO L290 TraceCheckUtils]: 61: Hoare triple {3150#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {3150#false} is VALID [2022-02-20 17:59:54,882 INFO L272 TraceCheckUtils]: 62: Hoare triple {3150#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {3149#true} is VALID [2022-02-20 17:59:54,882 INFO L290 TraceCheckUtils]: 63: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~11; {3149#true} is VALID [2022-02-20 17:59:54,883 INFO L290 TraceCheckUtils]: 64: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {3149#true} is VALID [2022-02-20 17:59:54,883 INFO L290 TraceCheckUtils]: 65: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,883 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3149#true} {3150#false} #1201#return; {3150#false} is VALID [2022-02-20 17:59:54,883 INFO L290 TraceCheckUtils]: 67: Hoare triple {3150#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {3150#false} is VALID [2022-02-20 17:59:54,883 INFO L290 TraceCheckUtils]: 68: Hoare triple {3150#false} assume 0 == sign_~privkey~1#1; {3150#false} is VALID [2022-02-20 17:59:54,883 INFO L290 TraceCheckUtils]: 69: Hoare triple {3150#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {3150#false} is VALID [2022-02-20 17:59:54,883 INFO L272 TraceCheckUtils]: 70: Hoare triple {3150#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3149#true} is VALID [2022-02-20 17:59:54,884 INFO L290 TraceCheckUtils]: 71: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~5; {3149#true} is VALID [2022-02-20 17:59:54,884 INFO L290 TraceCheckUtils]: 72: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {3149#true} is VALID [2022-02-20 17:59:54,884 INFO L290 TraceCheckUtils]: 73: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,884 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3149#true} {3150#false} #1203#return; {3150#false} is VALID [2022-02-20 17:59:54,884 INFO L290 TraceCheckUtils]: 75: Hoare triple {3150#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {3150#false} is VALID [2022-02-20 17:59:54,884 INFO L290 TraceCheckUtils]: 76: Hoare triple {3150#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {3150#false} is VALID [2022-02-20 17:59:54,885 INFO L272 TraceCheckUtils]: 77: Hoare triple {3150#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3150#false} is VALID [2022-02-20 17:59:54,885 INFO L290 TraceCheckUtils]: 78: Hoare triple {3150#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {3150#false} is VALID [2022-02-20 17:59:54,885 INFO L272 TraceCheckUtils]: 79: Hoare triple {3150#false} call #t~ret50#1 := getEmailTo(~msg#1); {3149#true} is VALID [2022-02-20 17:59:54,885 INFO L290 TraceCheckUtils]: 80: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~36; {3149#true} is VALID [2022-02-20 17:59:54,885 INFO L290 TraceCheckUtils]: 81: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {3149#true} is VALID [2022-02-20 17:59:54,885 INFO L290 TraceCheckUtils]: 82: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,885 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {3149#true} {3150#false} #1235#return; {3150#false} is VALID [2022-02-20 17:59:54,886 INFO L290 TraceCheckUtils]: 84: Hoare triple {3150#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {3150#false} is VALID [2022-02-20 17:59:54,886 INFO L272 TraceCheckUtils]: 85: Hoare triple {3150#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {3149#true} is VALID [2022-02-20 17:59:54,886 INFO L290 TraceCheckUtils]: 86: Hoare triple {3149#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {3149#true} is VALID [2022-02-20 17:59:54,886 INFO L290 TraceCheckUtils]: 87: Hoare triple {3149#true} assume 1 == ~handle; {3149#true} is VALID [2022-02-20 17:59:54,886 INFO L290 TraceCheckUtils]: 88: Hoare triple {3149#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {3149#true} is VALID [2022-02-20 17:59:54,886 INFO L290 TraceCheckUtils]: 89: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,886 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {3149#true} {3150#false} #1237#return; {3150#false} is VALID [2022-02-20 17:59:54,887 INFO L290 TraceCheckUtils]: 91: Hoare triple {3150#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {3150#false} is VALID [2022-02-20 17:59:54,887 INFO L290 TraceCheckUtils]: 92: Hoare triple {3150#false} assume !(0 != ~pubkey~0#1); {3150#false} is VALID [2022-02-20 17:59:54,887 INFO L290 TraceCheckUtils]: 93: Hoare triple {3150#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {3150#false} is VALID [2022-02-20 17:59:54,887 INFO L290 TraceCheckUtils]: 94: Hoare triple {3150#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {3150#false} is VALID [2022-02-20 17:59:54,887 INFO L290 TraceCheckUtils]: 95: Hoare triple {3150#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {3150#false} is VALID [2022-02-20 17:59:54,887 INFO L272 TraceCheckUtils]: 96: Hoare triple {3150#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {3217#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:54,887 INFO L290 TraceCheckUtils]: 97: Hoare triple {3217#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:54,888 INFO L290 TraceCheckUtils]: 98: Hoare triple {3149#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:54,888 INFO L290 TraceCheckUtils]: 99: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,888 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {3149#true} {3150#false} #1243#return; {3150#false} is VALID [2022-02-20 17:59:54,888 INFO L290 TraceCheckUtils]: 101: Hoare triple {3150#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {3150#false} is VALID [2022-02-20 17:59:54,888 INFO L272 TraceCheckUtils]: 102: Hoare triple {3150#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {3149#true} is VALID [2022-02-20 17:59:54,888 INFO L290 TraceCheckUtils]: 103: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~41; {3149#true} is VALID [2022-02-20 17:59:54,889 INFO L290 TraceCheckUtils]: 104: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {3149#true} is VALID [2022-02-20 17:59:54,889 INFO L290 TraceCheckUtils]: 105: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,889 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {3149#true} {3150#false} #1245#return; {3150#false} is VALID [2022-02-20 17:59:54,889 INFO L290 TraceCheckUtils]: 107: Hoare triple {3150#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {3150#false} is VALID [2022-02-20 17:59:54,889 INFO L290 TraceCheckUtils]: 108: Hoare triple {3150#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {3150#false} is VALID [2022-02-20 17:59:54,889 INFO L272 TraceCheckUtils]: 109: Hoare triple {3150#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {3149#true} is VALID [2022-02-20 17:59:54,889 INFO L290 TraceCheckUtils]: 110: Hoare triple {3149#true} ~handle := #in~handle;havoc ~retValue_acc~11; {3149#true} is VALID [2022-02-20 17:59:54,890 INFO L290 TraceCheckUtils]: 111: Hoare triple {3149#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {3149#true} is VALID [2022-02-20 17:59:54,890 INFO L290 TraceCheckUtils]: 112: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:54,890 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {3149#true} {3150#false} #1247#return; {3150#false} is VALID [2022-02-20 17:59:54,890 INFO L290 TraceCheckUtils]: 114: Hoare triple {3150#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {3150#false} is VALID [2022-02-20 17:59:54,890 INFO L290 TraceCheckUtils]: 115: Hoare triple {3150#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {3150#false} is VALID [2022-02-20 17:59:54,890 INFO L290 TraceCheckUtils]: 116: Hoare triple {3150#false} assume !false; {3150#false} is VALID [2022-02-20 17:59:54,891 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 17:59:54,891 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:54,891 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1576813677] [2022-02-20 17:59:54,891 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1576813677] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:54,891 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1284744437] [2022-02-20 17:59:54,892 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:54,892 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:54,892 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:54,893 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:54,923 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:59:55,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:55,114 INFO L263 TraceCheckSpWp]: Trace formula consists of 1153 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:59:55,158 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:55,160 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:55,401 INFO L290 TraceCheckUtils]: 0: Hoare triple {3149#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {3149#true} is VALID [2022-02-20 17:59:55,401 INFO L290 TraceCheckUtils]: 1: Hoare triple {3149#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {3149#true} is VALID [2022-02-20 17:59:55,401 INFO L290 TraceCheckUtils]: 2: Hoare triple {3149#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3149#true} is VALID [2022-02-20 17:59:55,401 INFO L290 TraceCheckUtils]: 3: Hoare triple {3149#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {3149#true} is VALID [2022-02-20 17:59:55,401 INFO L290 TraceCheckUtils]: 4: Hoare triple {3149#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L290 TraceCheckUtils]: 5: Hoare triple {3149#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L272 TraceCheckUtils]: 6: Hoare triple {3149#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L290 TraceCheckUtils]: 7: Hoare triple {3149#true} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L290 TraceCheckUtils]: 8: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L290 TraceCheckUtils]: 9: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3149#true} {3149#true} #1279#return; {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L290 TraceCheckUtils]: 11: Hoare triple {3149#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L272 TraceCheckUtils]: 12: Hoare triple {3149#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L290 TraceCheckUtils]: 13: Hoare triple {3149#true} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L290 TraceCheckUtils]: 14: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:55,402 INFO L290 TraceCheckUtils]: 15: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3149#true} {3149#true} #1281#return; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L290 TraceCheckUtils]: 17: Hoare triple {3149#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L272 TraceCheckUtils]: 18: Hoare triple {3149#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L290 TraceCheckUtils]: 19: Hoare triple {3149#true} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L290 TraceCheckUtils]: 20: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L290 TraceCheckUtils]: 21: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3149#true} {3149#true} #1283#return; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L290 TraceCheckUtils]: 23: Hoare triple {3149#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L272 TraceCheckUtils]: 24: Hoare triple {3149#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L290 TraceCheckUtils]: 25: Hoare triple {3149#true} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L290 TraceCheckUtils]: 26: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:55,403 INFO L290 TraceCheckUtils]: 27: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:55,404 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3149#true} {3149#true} #1285#return; {3149#true} is VALID [2022-02-20 17:59:55,404 INFO L290 TraceCheckUtils]: 29: Hoare triple {3149#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3149#true} is VALID [2022-02-20 17:59:55,415 INFO L272 TraceCheckUtils]: 30: Hoare triple {3149#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3149#true} is VALID [2022-02-20 17:59:55,415 INFO L290 TraceCheckUtils]: 31: Hoare triple {3149#true} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:55,415 INFO L290 TraceCheckUtils]: 32: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:55,415 INFO L290 TraceCheckUtils]: 33: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:55,416 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3149#true} {3149#true} #1287#return; {3149#true} is VALID [2022-02-20 17:59:55,416 INFO L290 TraceCheckUtils]: 35: Hoare triple {3149#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3149#true} is VALID [2022-02-20 17:59:55,416 INFO L272 TraceCheckUtils]: 36: Hoare triple {3149#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3149#true} is VALID [2022-02-20 17:59:55,416 INFO L290 TraceCheckUtils]: 37: Hoare triple {3149#true} ~handle := #in~handle;~value := #in~value; {3149#true} is VALID [2022-02-20 17:59:55,416 INFO L290 TraceCheckUtils]: 38: Hoare triple {3149#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3149#true} is VALID [2022-02-20 17:59:55,416 INFO L290 TraceCheckUtils]: 39: Hoare triple {3149#true} assume true; {3149#true} is VALID [2022-02-20 17:59:55,416 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3149#true} {3149#true} #1289#return; {3149#true} is VALID [2022-02-20 17:59:55,416 INFO L290 TraceCheckUtils]: 41: Hoare triple {3149#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {3149#true} is VALID [2022-02-20 17:59:55,419 INFO L290 TraceCheckUtils]: 42: Hoare triple {3149#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3348#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:55,420 INFO L290 TraceCheckUtils]: 43: Hoare triple {3348#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3348#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:55,420 INFO L290 TraceCheckUtils]: 44: Hoare triple {3348#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {3150#false} is VALID [2022-02-20 17:59:55,420 INFO L290 TraceCheckUtils]: 45: Hoare triple {3150#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {3150#false} is VALID [2022-02-20 17:59:55,420 INFO L272 TraceCheckUtils]: 46: Hoare triple {3150#false} call sendEmail(~bob~0, ~rjh~0); {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L290 TraceCheckUtils]: 47: Hoare triple {3150#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L272 TraceCheckUtils]: 48: Hoare triple {3150#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L290 TraceCheckUtils]: 49: Hoare triple {3150#false} ~handle := #in~handle;~value := #in~value; {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L290 TraceCheckUtils]: 50: Hoare triple {3150#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L290 TraceCheckUtils]: 51: Hoare triple {3150#false} assume true; {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3150#false} {3150#false} #1221#return; {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L272 TraceCheckUtils]: 53: Hoare triple {3150#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L290 TraceCheckUtils]: 54: Hoare triple {3150#false} ~handle := #in~handle;~value := #in~value; {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L290 TraceCheckUtils]: 55: Hoare triple {3150#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L290 TraceCheckUtils]: 56: Hoare triple {3150#false} assume true; {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3150#false} {3150#false} #1223#return; {3150#false} is VALID [2022-02-20 17:59:55,421 INFO L290 TraceCheckUtils]: 58: Hoare triple {3150#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L290 TraceCheckUtils]: 59: Hoare triple {3150#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L272 TraceCheckUtils]: 60: Hoare triple {3150#false} call outgoing(~sender#1, ~email~0#1); {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L290 TraceCheckUtils]: 61: Hoare triple {3150#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L272 TraceCheckUtils]: 62: Hoare triple {3150#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L290 TraceCheckUtils]: 63: Hoare triple {3150#false} ~handle := #in~handle;havoc ~retValue_acc~11; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L290 TraceCheckUtils]: 64: Hoare triple {3150#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L290 TraceCheckUtils]: 65: Hoare triple {3150#false} assume true; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3150#false} {3150#false} #1201#return; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L290 TraceCheckUtils]: 67: Hoare triple {3150#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L290 TraceCheckUtils]: 68: Hoare triple {3150#false} assume 0 == sign_~privkey~1#1; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L290 TraceCheckUtils]: 69: Hoare triple {3150#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {3150#false} is VALID [2022-02-20 17:59:55,422 INFO L272 TraceCheckUtils]: 70: Hoare triple {3150#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L290 TraceCheckUtils]: 71: Hoare triple {3150#false} ~handle := #in~handle;havoc ~retValue_acc~5; {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L290 TraceCheckUtils]: 72: Hoare triple {3150#false} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L290 TraceCheckUtils]: 73: Hoare triple {3150#false} assume true; {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3150#false} {3150#false} #1203#return; {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L290 TraceCheckUtils]: 75: Hoare triple {3150#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L290 TraceCheckUtils]: 76: Hoare triple {3150#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L272 TraceCheckUtils]: 77: Hoare triple {3150#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L290 TraceCheckUtils]: 78: Hoare triple {3150#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L272 TraceCheckUtils]: 79: Hoare triple {3150#false} call #t~ret50#1 := getEmailTo(~msg#1); {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L290 TraceCheckUtils]: 80: Hoare triple {3150#false} ~handle := #in~handle;havoc ~retValue_acc~36; {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L290 TraceCheckUtils]: 81: Hoare triple {3150#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {3150#false} is VALID [2022-02-20 17:59:55,423 INFO L290 TraceCheckUtils]: 82: Hoare triple {3150#false} assume true; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {3150#false} {3150#false} #1235#return; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L290 TraceCheckUtils]: 84: Hoare triple {3150#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L272 TraceCheckUtils]: 85: Hoare triple {3150#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L290 TraceCheckUtils]: 86: Hoare triple {3150#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L290 TraceCheckUtils]: 87: Hoare triple {3150#false} assume 1 == ~handle; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L290 TraceCheckUtils]: 88: Hoare triple {3150#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L290 TraceCheckUtils]: 89: Hoare triple {3150#false} assume true; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {3150#false} {3150#false} #1237#return; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L290 TraceCheckUtils]: 91: Hoare triple {3150#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L290 TraceCheckUtils]: 92: Hoare triple {3150#false} assume !(0 != ~pubkey~0#1); {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L290 TraceCheckUtils]: 93: Hoare triple {3150#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {3150#false} is VALID [2022-02-20 17:59:55,424 INFO L290 TraceCheckUtils]: 94: Hoare triple {3150#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L290 TraceCheckUtils]: 95: Hoare triple {3150#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L272 TraceCheckUtils]: 96: Hoare triple {3150#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L290 TraceCheckUtils]: 97: Hoare triple {3150#false} ~handle := #in~handle;~value := #in~value; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L290 TraceCheckUtils]: 98: Hoare triple {3150#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L290 TraceCheckUtils]: 99: Hoare triple {3150#false} assume true; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {3150#false} {3150#false} #1243#return; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L290 TraceCheckUtils]: 101: Hoare triple {3150#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L272 TraceCheckUtils]: 102: Hoare triple {3150#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L290 TraceCheckUtils]: 103: Hoare triple {3150#false} ~handle := #in~handle;havoc ~retValue_acc~41; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L290 TraceCheckUtils]: 104: Hoare triple {3150#false} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L290 TraceCheckUtils]: 105: Hoare triple {3150#false} assume true; {3150#false} is VALID [2022-02-20 17:59:55,425 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {3150#false} {3150#false} #1245#return; {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L290 TraceCheckUtils]: 107: Hoare triple {3150#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L290 TraceCheckUtils]: 108: Hoare triple {3150#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L272 TraceCheckUtils]: 109: Hoare triple {3150#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L290 TraceCheckUtils]: 110: Hoare triple {3150#false} ~handle := #in~handle;havoc ~retValue_acc~11; {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L290 TraceCheckUtils]: 111: Hoare triple {3150#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L290 TraceCheckUtils]: 112: Hoare triple {3150#false} assume true; {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {3150#false} {3150#false} #1247#return; {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L290 TraceCheckUtils]: 114: Hoare triple {3150#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L290 TraceCheckUtils]: 115: Hoare triple {3150#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {3150#false} is VALID [2022-02-20 17:59:55,426 INFO L290 TraceCheckUtils]: 116: Hoare triple {3150#false} assume !false; {3150#false} is VALID [2022-02-20 17:59:55,427 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:55,427 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:55,427 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1284744437] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:55,427 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:55,427 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:59:55,427 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [806844467] [2022-02-20 17:59:55,427 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:55,428 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) Word has length 117 [2022-02-20 17:59:55,428 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:55,429 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:55,488 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:55,488 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:55,488 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:55,489 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:55,489 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:55,489 INFO L87 Difference]: Start difference. First operand 418 states and 630 transitions. Second operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:55,987 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:55,988 INFO L93 Difference]: Finished difference Result 647 states and 952 transitions. [2022-02-20 17:59:55,988 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:55,988 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) Word has length 117 [2022-02-20 17:59:55,988 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:55,989 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:56,000 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 952 transitions. [2022-02-20 17:59:56,001 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:56,012 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 952 transitions. [2022-02-20 17:59:56,012 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 952 transitions. [2022-02-20 17:59:56,629 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 952 edges. 952 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:56,641 INFO L225 Difference]: With dead ends: 647 [2022-02-20 17:59:56,641 INFO L226 Difference]: Without dead ends: 421 [2022-02-20 17:59:56,642 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 142 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:56,643 INFO L933 BasicCegarLoop]: 628 mSDtfsCounter, 1 mSDsluCounter, 626 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1254 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:56,643 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1254 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:56,644 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 421 states. [2022-02-20 17:59:56,653 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 421 to 420. [2022-02-20 17:59:56,653 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:56,654 INFO L82 GeneralOperation]: Start isEquivalent. First operand 421 states. Second operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:59:56,655 INFO L74 IsIncluded]: Start isIncluded. First operand 421 states. Second operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:59:56,656 INFO L87 Difference]: Start difference. First operand 421 states. Second operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:59:56,673 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:56,674 INFO L93 Difference]: Finished difference Result 421 states and 633 transitions. [2022-02-20 17:59:56,674 INFO L276 IsEmpty]: Start isEmpty. Operand 421 states and 633 transitions. [2022-02-20 17:59:56,676 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:56,677 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:56,678 INFO L74 IsIncluded]: Start isIncluded. First operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) Second operand 421 states. [2022-02-20 17:59:56,678 INFO L87 Difference]: Start difference. First operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) Second operand 421 states. [2022-02-20 17:59:56,697 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:56,697 INFO L93 Difference]: Finished difference Result 421 states and 633 transitions. [2022-02-20 17:59:56,697 INFO L276 IsEmpty]: Start isEmpty. Operand 421 states and 633 transitions. [2022-02-20 17:59:56,699 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:56,699 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:56,699 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:56,699 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:56,701 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:59:56,726 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 420 states to 420 states and 632 transitions. [2022-02-20 17:59:56,726 INFO L78 Accepts]: Start accepts. Automaton has 420 states and 632 transitions. Word has length 117 [2022-02-20 17:59:56,726 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:56,726 INFO L470 AbstractCegarLoop]: Abstraction has 420 states and 632 transitions. [2022-02-20 17:59:56,727 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:56,727 INFO L276 IsEmpty]: Start isEmpty. Operand 420 states and 632 transitions. [2022-02-20 17:59:56,728 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 127 [2022-02-20 17:59:56,728 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:56,728 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:56,748 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:56,946 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:59:56,946 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:56,947 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:56,947 INFO L85 PathProgramCache]: Analyzing trace with hash -1143586185, now seen corresponding path program 1 times [2022-02-20 17:59:56,947 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:56,947 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1732494344] [2022-02-20 17:59:56,947 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:56,947 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:56,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:57,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,007 INFO L290 TraceCheckUtils]: 0: Hoare triple {5931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,007 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,007 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,007 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5867#true} #1279#return; {5867#true} is VALID [2022-02-20 17:59:57,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:57,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,015 INFO L290 TraceCheckUtils]: 0: Hoare triple {5932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,015 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,015 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,015 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5867#true} #1281#return; {5867#true} is VALID [2022-02-20 17:59:57,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:57,017 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {5931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5933#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:57,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {5933#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5934#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:57,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {5934#(= |setClientId_#in~handle| 1)} assume true; {5934#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:57,030 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5934#(= |setClientId_#in~handle| 1)} {5877#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1283#return; {5868#false} is VALID [2022-02-20 17:59:57,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:57,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {5932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1285#return; {5868#false} is VALID [2022-02-20 17:59:57,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:57,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {5931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,040 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1287#return; {5868#false} is VALID [2022-02-20 17:59:57,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:57,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {5932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,044 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,044 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1289#return; {5868#false} is VALID [2022-02-20 17:59:57,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:59:57,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {5935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,052 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,052 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1221#return; {5868#false} is VALID [2022-02-20 17:59:57,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:59:57,060 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,061 INFO L290 TraceCheckUtils]: 0: Hoare triple {5936#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,061 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,062 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,062 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1223#return; {5868#false} is VALID [2022-02-20 17:59:57,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:59:57,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,064 INFO L290 TraceCheckUtils]: 0: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~11; {5867#true} is VALID [2022-02-20 17:59:57,064 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {5867#true} is VALID [2022-02-20 17:59:57,064 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,064 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1201#return; {5868#false} is VALID [2022-02-20 17:59:57,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:59:57,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~5; {5867#true} is VALID [2022-02-20 17:59:57,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {5867#true} is VALID [2022-02-20 17:59:57,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,068 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1203#return; {5868#false} is VALID [2022-02-20 17:59:57,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:59:57,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5867#true} is VALID [2022-02-20 17:59:57,072 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {5867#true} is VALID [2022-02-20 17:59:57,072 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,072 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1235#return; {5868#false} is VALID [2022-02-20 17:59:57,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:59:57,073 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,077 INFO L290 TraceCheckUtils]: 0: Hoare triple {5867#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {5867#true} is VALID [2022-02-20 17:59:57,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle; {5867#true} is VALID [2022-02-20 17:59:57,077 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {5867#true} is VALID [2022-02-20 17:59:57,077 INFO L290 TraceCheckUtils]: 3: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,077 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5867#true} {5868#false} #1237#return; {5868#false} is VALID [2022-02-20 17:59:57,077 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:59:57,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {5935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,080 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,080 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,080 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1243#return; {5868#false} is VALID [2022-02-20 17:59:57,081 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:59:57,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,083 INFO L290 TraceCheckUtils]: 0: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~41; {5867#true} is VALID [2022-02-20 17:59:57,083 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {5867#true} is VALID [2022-02-20 17:59:57,083 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,083 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1245#return; {5868#false} is VALID [2022-02-20 17:59:57,083 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:59:57,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,086 INFO L290 TraceCheckUtils]: 0: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~11; {5867#true} is VALID [2022-02-20 17:59:57,086 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {5867#true} is VALID [2022-02-20 17:59:57,086 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,086 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5867#true} {5868#false} #1247#return; {5868#false} is VALID [2022-02-20 17:59:57,086 INFO L290 TraceCheckUtils]: 0: Hoare triple {5867#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5867#true} is VALID [2022-02-20 17:59:57,086 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {5867#true} is VALID [2022-02-20 17:59:57,086 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5867#true} is VALID [2022-02-20 17:59:57,086 INFO L290 TraceCheckUtils]: 3: Hoare triple {5867#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {5867#true} is VALID [2022-02-20 17:59:57,086 INFO L290 TraceCheckUtils]: 4: Hoare triple {5867#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {5867#true} is VALID [2022-02-20 17:59:57,086 INFO L290 TraceCheckUtils]: 5: Hoare triple {5867#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5867#true} is VALID [2022-02-20 17:59:57,087 INFO L272 TraceCheckUtils]: 6: Hoare triple {5867#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:57,087 INFO L290 TraceCheckUtils]: 7: Hoare triple {5931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,087 INFO L290 TraceCheckUtils]: 8: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,087 INFO L290 TraceCheckUtils]: 9: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,087 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5867#true} {5867#true} #1279#return; {5867#true} is VALID [2022-02-20 17:59:57,087 INFO L290 TraceCheckUtils]: 11: Hoare triple {5867#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5867#true} is VALID [2022-02-20 17:59:57,088 INFO L272 TraceCheckUtils]: 12: Hoare triple {5867#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:57,088 INFO L290 TraceCheckUtils]: 13: Hoare triple {5932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,088 INFO L290 TraceCheckUtils]: 14: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,088 INFO L290 TraceCheckUtils]: 15: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,088 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5867#true} {5867#true} #1281#return; {5867#true} is VALID [2022-02-20 17:59:57,088 INFO L290 TraceCheckUtils]: 17: Hoare triple {5867#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5877#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:57,089 INFO L272 TraceCheckUtils]: 18: Hoare triple {5877#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:57,089 INFO L290 TraceCheckUtils]: 19: Hoare triple {5931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5933#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:57,090 INFO L290 TraceCheckUtils]: 20: Hoare triple {5933#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5934#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:57,090 INFO L290 TraceCheckUtils]: 21: Hoare triple {5934#(= |setClientId_#in~handle| 1)} assume true; {5934#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:57,090 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5934#(= |setClientId_#in~handle| 1)} {5877#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1283#return; {5868#false} is VALID [2022-02-20 17:59:57,090 INFO L290 TraceCheckUtils]: 23: Hoare triple {5868#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5868#false} is VALID [2022-02-20 17:59:57,090 INFO L272 TraceCheckUtils]: 24: Hoare triple {5868#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:57,090 INFO L290 TraceCheckUtils]: 25: Hoare triple {5932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 26: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 27: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,091 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5867#true} {5868#false} #1285#return; {5868#false} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 29: Hoare triple {5868#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5868#false} is VALID [2022-02-20 17:59:57,091 INFO L272 TraceCheckUtils]: 30: Hoare triple {5868#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 31: Hoare triple {5931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 32: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 33: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,091 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5867#true} {5868#false} #1287#return; {5868#false} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 35: Hoare triple {5868#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5868#false} is VALID [2022-02-20 17:59:57,091 INFO L272 TraceCheckUtils]: 36: Hoare triple {5868#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 37: Hoare triple {5932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 38: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,091 INFO L290 TraceCheckUtils]: 39: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,092 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5867#true} {5868#false} #1289#return; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 41: Hoare triple {5868#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 42: Hoare triple {5868#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 43: Hoare triple {5868#false} assume !false; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 44: Hoare triple {5868#false} assume test_~splverifierCounter~0#1 < 4; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 45: Hoare triple {5868#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 46: Hoare triple {5868#false} assume !(0 == test_~op1~0#1); {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 47: Hoare triple {5868#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 48: Hoare triple {5868#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 49: Hoare triple {5868#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 50: Hoare triple {5868#false} assume { :end_inline_setClientAutoResponse } true; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 51: Hoare triple {5868#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5868#false} is VALID [2022-02-20 17:59:57,092 INFO L290 TraceCheckUtils]: 52: Hoare triple {5868#false} assume !false; {5868#false} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 53: Hoare triple {5868#false} assume !(test_~splverifierCounter~0#1 < 4); {5868#false} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 54: Hoare triple {5868#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {5868#false} is VALID [2022-02-20 17:59:57,093 INFO L272 TraceCheckUtils]: 55: Hoare triple {5868#false} call sendEmail(~bob~0, ~rjh~0); {5868#false} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 56: Hoare triple {5868#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5868#false} is VALID [2022-02-20 17:59:57,093 INFO L272 TraceCheckUtils]: 57: Hoare triple {5868#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 58: Hoare triple {5935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 59: Hoare triple {5867#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 60: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,093 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5867#true} {5868#false} #1221#return; {5868#false} is VALID [2022-02-20 17:59:57,093 INFO L272 TraceCheckUtils]: 62: Hoare triple {5868#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5936#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 63: Hoare triple {5936#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 64: Hoare triple {5867#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 65: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,093 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5867#true} {5868#false} #1223#return; {5868#false} is VALID [2022-02-20 17:59:57,093 INFO L290 TraceCheckUtils]: 67: Hoare triple {5868#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {5868#false} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 68: Hoare triple {5868#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {5868#false} is VALID [2022-02-20 17:59:57,094 INFO L272 TraceCheckUtils]: 69: Hoare triple {5868#false} call outgoing(~sender#1, ~email~0#1); {5868#false} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 70: Hoare triple {5868#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {5868#false} is VALID [2022-02-20 17:59:57,094 INFO L272 TraceCheckUtils]: 71: Hoare triple {5868#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {5867#true} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 72: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~11; {5867#true} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 73: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {5867#true} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 74: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,094 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5867#true} {5868#false} #1201#return; {5868#false} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 76: Hoare triple {5868#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {5868#false} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 77: Hoare triple {5868#false} assume 0 == sign_~privkey~1#1; {5868#false} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 78: Hoare triple {5868#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {5868#false} is VALID [2022-02-20 17:59:57,094 INFO L272 TraceCheckUtils]: 79: Hoare triple {5868#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5867#true} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 80: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~5; {5867#true} is VALID [2022-02-20 17:59:57,094 INFO L290 TraceCheckUtils]: 81: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {5867#true} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 82: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,095 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5867#true} {5868#false} #1203#return; {5868#false} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 84: Hoare triple {5868#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {5868#false} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 85: Hoare triple {5868#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {5868#false} is VALID [2022-02-20 17:59:57,095 INFO L272 TraceCheckUtils]: 86: Hoare triple {5868#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5868#false} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 87: Hoare triple {5868#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {5868#false} is VALID [2022-02-20 17:59:57,095 INFO L272 TraceCheckUtils]: 88: Hoare triple {5868#false} call #t~ret50#1 := getEmailTo(~msg#1); {5867#true} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 89: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5867#true} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 90: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {5867#true} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 91: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,095 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {5867#true} {5868#false} #1235#return; {5868#false} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 93: Hoare triple {5868#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {5868#false} is VALID [2022-02-20 17:59:57,095 INFO L272 TraceCheckUtils]: 94: Hoare triple {5868#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {5867#true} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 95: Hoare triple {5867#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {5867#true} is VALID [2022-02-20 17:59:57,095 INFO L290 TraceCheckUtils]: 96: Hoare triple {5867#true} assume 1 == ~handle; {5867#true} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 97: Hoare triple {5867#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {5867#true} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 98: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,096 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {5867#true} {5868#false} #1237#return; {5868#false} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 100: Hoare triple {5868#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {5868#false} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 101: Hoare triple {5868#false} assume !(0 != ~pubkey~0#1); {5868#false} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 102: Hoare triple {5868#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {5868#false} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 103: Hoare triple {5868#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {5868#false} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 104: Hoare triple {5868#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {5868#false} is VALID [2022-02-20 17:59:57,096 INFO L272 TraceCheckUtils]: 105: Hoare triple {5868#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {5935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 106: Hoare triple {5935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 107: Hoare triple {5867#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 108: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,096 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {5867#true} {5868#false} #1243#return; {5868#false} is VALID [2022-02-20 17:59:57,096 INFO L290 TraceCheckUtils]: 110: Hoare triple {5868#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {5868#false} is VALID [2022-02-20 17:59:57,097 INFO L272 TraceCheckUtils]: 111: Hoare triple {5868#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {5867#true} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 112: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~41; {5867#true} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 113: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {5867#true} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 114: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,097 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {5867#true} {5868#false} #1245#return; {5868#false} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 116: Hoare triple {5868#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {5868#false} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 117: Hoare triple {5868#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {5868#false} is VALID [2022-02-20 17:59:57,097 INFO L272 TraceCheckUtils]: 118: Hoare triple {5868#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {5867#true} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 119: Hoare triple {5867#true} ~handle := #in~handle;havoc ~retValue_acc~11; {5867#true} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 120: Hoare triple {5867#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {5867#true} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 121: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,097 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {5867#true} {5868#false} #1247#return; {5868#false} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 123: Hoare triple {5868#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {5868#false} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 124: Hoare triple {5868#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {5868#false} is VALID [2022-02-20 17:59:57,097 INFO L290 TraceCheckUtils]: 125: Hoare triple {5868#false} assume !false; {5868#false} is VALID [2022-02-20 17:59:57,098 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:59:57,098 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:57,098 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1732494344] [2022-02-20 17:59:57,098 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1732494344] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:57,098 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1247091098] [2022-02-20 17:59:57,098 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:57,098 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:57,099 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:57,100 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:57,101 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:59:57,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,303 INFO L263 TraceCheckSpWp]: Trace formula consists of 1180 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:59:57,352 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:57,354 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:57,594 INFO L290 TraceCheckUtils]: 0: Hoare triple {5867#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {5867#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 2: Hoare triple {5867#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 3: Hoare triple {5867#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 4: Hoare triple {5867#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 5: Hoare triple {5867#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L272 TraceCheckUtils]: 6: Hoare triple {5867#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 7: Hoare triple {5867#true} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 8: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 9: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5867#true} {5867#true} #1279#return; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 11: Hoare triple {5867#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L272 TraceCheckUtils]: 12: Hoare triple {5867#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 13: Hoare triple {5867#true} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,595 INFO L290 TraceCheckUtils]: 14: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L290 TraceCheckUtils]: 15: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5867#true} {5867#true} #1281#return; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L290 TraceCheckUtils]: 17: Hoare triple {5867#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L272 TraceCheckUtils]: 18: Hoare triple {5867#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L290 TraceCheckUtils]: 19: Hoare triple {5867#true} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L290 TraceCheckUtils]: 20: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L290 TraceCheckUtils]: 21: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5867#true} {5867#true} #1283#return; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L290 TraceCheckUtils]: 23: Hoare triple {5867#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L272 TraceCheckUtils]: 24: Hoare triple {5867#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L290 TraceCheckUtils]: 25: Hoare triple {5867#true} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L290 TraceCheckUtils]: 26: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L290 TraceCheckUtils]: 27: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,596 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5867#true} {5867#true} #1285#return; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L290 TraceCheckUtils]: 29: Hoare triple {5867#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L272 TraceCheckUtils]: 30: Hoare triple {5867#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L290 TraceCheckUtils]: 31: Hoare triple {5867#true} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L290 TraceCheckUtils]: 32: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L290 TraceCheckUtils]: 33: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5867#true} {5867#true} #1287#return; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L290 TraceCheckUtils]: 35: Hoare triple {5867#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L272 TraceCheckUtils]: 36: Hoare triple {5867#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L290 TraceCheckUtils]: 37: Hoare triple {5867#true} ~handle := #in~handle;~value := #in~value; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L290 TraceCheckUtils]: 38: Hoare triple {5867#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L290 TraceCheckUtils]: 39: Hoare triple {5867#true} assume true; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5867#true} {5867#true} #1289#return; {5867#true} is VALID [2022-02-20 17:59:57,597 INFO L290 TraceCheckUtils]: 41: Hoare triple {5867#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {5867#true} is VALID [2022-02-20 17:59:57,598 INFO L290 TraceCheckUtils]: 42: Hoare triple {5867#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6066#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:57,611 INFO L290 TraceCheckUtils]: 43: Hoare triple {6066#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {6066#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:57,612 INFO L290 TraceCheckUtils]: 44: Hoare triple {6066#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {6066#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:57,612 INFO L290 TraceCheckUtils]: 45: Hoare triple {6066#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6066#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:57,612 INFO L290 TraceCheckUtils]: 46: Hoare triple {6066#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5868#false} is VALID [2022-02-20 17:59:57,612 INFO L290 TraceCheckUtils]: 47: Hoare triple {5868#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 48: Hoare triple {5868#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 49: Hoare triple {5868#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 50: Hoare triple {5868#false} assume { :end_inline_setClientAutoResponse } true; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 51: Hoare triple {5868#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 52: Hoare triple {5868#false} assume !false; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 53: Hoare triple {5868#false} assume !(test_~splverifierCounter~0#1 < 4); {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 54: Hoare triple {5868#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L272 TraceCheckUtils]: 55: Hoare triple {5868#false} call sendEmail(~bob~0, ~rjh~0); {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 56: Hoare triple {5868#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L272 TraceCheckUtils]: 57: Hoare triple {5868#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 58: Hoare triple {5868#false} ~handle := #in~handle;~value := #in~value; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 59: Hoare triple {5868#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L290 TraceCheckUtils]: 60: Hoare triple {5868#false} assume true; {5868#false} is VALID [2022-02-20 17:59:57,613 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5868#false} {5868#false} #1221#return; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L272 TraceCheckUtils]: 62: Hoare triple {5868#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L290 TraceCheckUtils]: 63: Hoare triple {5868#false} ~handle := #in~handle;~value := #in~value; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L290 TraceCheckUtils]: 64: Hoare triple {5868#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L290 TraceCheckUtils]: 65: Hoare triple {5868#false} assume true; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5868#false} {5868#false} #1223#return; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L290 TraceCheckUtils]: 67: Hoare triple {5868#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L290 TraceCheckUtils]: 68: Hoare triple {5868#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L272 TraceCheckUtils]: 69: Hoare triple {5868#false} call outgoing(~sender#1, ~email~0#1); {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L290 TraceCheckUtils]: 70: Hoare triple {5868#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L272 TraceCheckUtils]: 71: Hoare triple {5868#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L290 TraceCheckUtils]: 72: Hoare triple {5868#false} ~handle := #in~handle;havoc ~retValue_acc~11; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L290 TraceCheckUtils]: 73: Hoare triple {5868#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L290 TraceCheckUtils]: 74: Hoare triple {5868#false} assume true; {5868#false} is VALID [2022-02-20 17:59:57,614 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5868#false} {5868#false} #1201#return; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 76: Hoare triple {5868#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 77: Hoare triple {5868#false} assume 0 == sign_~privkey~1#1; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 78: Hoare triple {5868#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L272 TraceCheckUtils]: 79: Hoare triple {5868#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 80: Hoare triple {5868#false} ~handle := #in~handle;havoc ~retValue_acc~5; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 81: Hoare triple {5868#false} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 82: Hoare triple {5868#false} assume true; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5868#false} {5868#false} #1203#return; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 84: Hoare triple {5868#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 85: Hoare triple {5868#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L272 TraceCheckUtils]: 86: Hoare triple {5868#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 87: Hoare triple {5868#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L272 TraceCheckUtils]: 88: Hoare triple {5868#false} call #t~ret50#1 := getEmailTo(~msg#1); {5868#false} is VALID [2022-02-20 17:59:57,615 INFO L290 TraceCheckUtils]: 89: Hoare triple {5868#false} ~handle := #in~handle;havoc ~retValue_acc~36; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 90: Hoare triple {5868#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 91: Hoare triple {5868#false} assume true; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {5868#false} {5868#false} #1235#return; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 93: Hoare triple {5868#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L272 TraceCheckUtils]: 94: Hoare triple {5868#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 95: Hoare triple {5868#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 96: Hoare triple {5868#false} assume 1 == ~handle; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 97: Hoare triple {5868#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 98: Hoare triple {5868#false} assume true; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {5868#false} {5868#false} #1237#return; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 100: Hoare triple {5868#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 101: Hoare triple {5868#false} assume !(0 != ~pubkey~0#1); {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 102: Hoare triple {5868#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {5868#false} is VALID [2022-02-20 17:59:57,616 INFO L290 TraceCheckUtils]: 103: Hoare triple {5868#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 104: Hoare triple {5868#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L272 TraceCheckUtils]: 105: Hoare triple {5868#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 106: Hoare triple {5868#false} ~handle := #in~handle;~value := #in~value; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 107: Hoare triple {5868#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 108: Hoare triple {5868#false} assume true; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {5868#false} {5868#false} #1243#return; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 110: Hoare triple {5868#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L272 TraceCheckUtils]: 111: Hoare triple {5868#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 112: Hoare triple {5868#false} ~handle := #in~handle;havoc ~retValue_acc~41; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 113: Hoare triple {5868#false} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 114: Hoare triple {5868#false} assume true; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {5868#false} {5868#false} #1245#return; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 116: Hoare triple {5868#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {5868#false} is VALID [2022-02-20 17:59:57,617 INFO L290 TraceCheckUtils]: 117: Hoare triple {5868#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {5868#false} is VALID [2022-02-20 17:59:57,618 INFO L272 TraceCheckUtils]: 118: Hoare triple {5868#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {5868#false} is VALID [2022-02-20 17:59:57,618 INFO L290 TraceCheckUtils]: 119: Hoare triple {5868#false} ~handle := #in~handle;havoc ~retValue_acc~11; {5868#false} is VALID [2022-02-20 17:59:57,618 INFO L290 TraceCheckUtils]: 120: Hoare triple {5868#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {5868#false} is VALID [2022-02-20 17:59:57,618 INFO L290 TraceCheckUtils]: 121: Hoare triple {5868#false} assume true; {5868#false} is VALID [2022-02-20 17:59:57,618 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {5868#false} {5868#false} #1247#return; {5868#false} is VALID [2022-02-20 17:59:57,618 INFO L290 TraceCheckUtils]: 123: Hoare triple {5868#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {5868#false} is VALID [2022-02-20 17:59:57,618 INFO L290 TraceCheckUtils]: 124: Hoare triple {5868#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {5868#false} is VALID [2022-02-20 17:59:57,618 INFO L290 TraceCheckUtils]: 125: Hoare triple {5868#false} assume !false; {5868#false} is VALID [2022-02-20 17:59:57,618 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 17:59:57,618 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:57,619 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1247091098] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:57,619 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:57,619 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:59:57,619 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [209228071] [2022-02-20 17:59:57,619 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:57,620 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) Word has length 126 [2022-02-20 17:59:57,620 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:57,620 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:57,708 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 108 edges. 108 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:57,709 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:57,709 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:57,709 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:57,709 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:57,709 INFO L87 Difference]: Start difference. First operand 420 states and 632 transitions. Second operand has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:58,243 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:58,243 INFO L93 Difference]: Finished difference Result 888 states and 1356 transitions. [2022-02-20 17:59:58,243 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:58,244 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) Word has length 126 [2022-02-20 17:59:58,244 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:58,244 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:58,256 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1354 transitions. [2022-02-20 17:59:58,257 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:58,268 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1354 transitions. [2022-02-20 17:59:58,269 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1354 transitions. [2022-02-20 17:59:59,051 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1354 edges. 1354 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:59,065 INFO L225 Difference]: With dead ends: 888 [2022-02-20 17:59:59,065 INFO L226 Difference]: Without dead ends: 495 [2022-02-20 17:59:59,066 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 159 GetRequests, 151 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:59:59,069 INFO L933 BasicCegarLoop]: 649 mSDtfsCounter, 134 mSDsluCounter, 581 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 1230 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:59,071 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 1230 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:59,073 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 495 states. [2022-02-20 17:59:59,094 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 495 to 487. [2022-02-20 17:59:59,094 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:59,095 INFO L82 GeneralOperation]: Start isEquivalent. First operand 495 states. Second operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) [2022-02-20 17:59:59,096 INFO L74 IsIncluded]: Start isIncluded. First operand 495 states. Second operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) [2022-02-20 17:59:59,097 INFO L87 Difference]: Start difference. First operand 495 states. Second operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) [2022-02-20 17:59:59,115 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:59,115 INFO L93 Difference]: Finished difference Result 495 states and 758 transitions. [2022-02-20 17:59:59,115 INFO L276 IsEmpty]: Start isEmpty. Operand 495 states and 758 transitions. [2022-02-20 17:59:59,116 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:59,116 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:59,117 INFO L74 IsIncluded]: Start isIncluded. First operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) Second operand 495 states. [2022-02-20 17:59:59,118 INFO L87 Difference]: Start difference. First operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) Second operand 495 states. [2022-02-20 17:59:59,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:59,138 INFO L93 Difference]: Finished difference Result 495 states and 758 transitions. [2022-02-20 17:59:59,138 INFO L276 IsEmpty]: Start isEmpty. Operand 495 states and 758 transitions. [2022-02-20 17:59:59,139 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:59,140 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:59,140 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:59,140 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:59,141 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) [2022-02-20 17:59:59,156 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 487 states to 487 states and 749 transitions. [2022-02-20 17:59:59,156 INFO L78 Accepts]: Start accepts. Automaton has 487 states and 749 transitions. Word has length 126 [2022-02-20 17:59:59,156 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:59,157 INFO L470 AbstractCegarLoop]: Abstraction has 487 states and 749 transitions. [2022-02-20 17:59:59,158 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:59:59,159 INFO L276 IsEmpty]: Start isEmpty. Operand 487 states and 749 transitions. [2022-02-20 17:59:59,160 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 147 [2022-02-20 17:59:59,160 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:59,161 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:59,180 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:59,371 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:59,371 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:59,372 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:59,372 INFO L85 PathProgramCache]: Analyzing trace with hash -1538733946, now seen corresponding path program 1 times [2022-02-20 17:59:59,372 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:59,372 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1699035926] [2022-02-20 17:59:59,372 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:59,372 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:59,405 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,427 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:59,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,430 INFO L290 TraceCheckUtils]: 0: Hoare triple {9272#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,430 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,430 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,431 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9195#true} #1279#return; {9195#true} is VALID [2022-02-20 17:59:59,435 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:59,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,438 INFO L290 TraceCheckUtils]: 0: Hoare triple {9273#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,439 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,439 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,439 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9195#true} #1281#return; {9195#true} is VALID [2022-02-20 17:59:59,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:59,440 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,451 INFO L290 TraceCheckUtils]: 0: Hoare triple {9272#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9274#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:59,451 INFO L290 TraceCheckUtils]: 1: Hoare triple {9274#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9275#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:59,452 INFO L290 TraceCheckUtils]: 2: Hoare triple {9275#(= |setClientId_#in~handle| 1)} assume true; {9275#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:59,452 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9275#(= |setClientId_#in~handle| 1)} {9205#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1283#return; {9196#false} is VALID [2022-02-20 17:59:59,452 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:59:59,454 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,456 INFO L290 TraceCheckUtils]: 0: Hoare triple {9273#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,456 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,456 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,456 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1285#return; {9196#false} is VALID [2022-02-20 17:59:59,457 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:59:59,458 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,460 INFO L290 TraceCheckUtils]: 0: Hoare triple {9272#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,460 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,460 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,460 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1287#return; {9196#false} is VALID [2022-02-20 17:59:59,460 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:59:59,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {9273#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,463 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,463 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1289#return; {9196#false} is VALID [2022-02-20 17:59:59,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:59,469 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {9276#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,480 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,480 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,480 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1221#return; {9196#false} is VALID [2022-02-20 17:59:59,487 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:59:59,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {9277#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,490 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,490 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,490 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1223#return; {9196#false} is VALID [2022-02-20 17:59:59,490 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:59:59,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,492 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~11; {9195#true} is VALID [2022-02-20 17:59:59,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {9195#true} is VALID [2022-02-20 17:59:59,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,492 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1201#return; {9196#false} is VALID [2022-02-20 17:59:59,493 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:59:59,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,495 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~5; {9195#true} is VALID [2022-02-20 17:59:59,495 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {9195#true} is VALID [2022-02-20 17:59:59,495 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,495 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1203#return; {9196#false} is VALID [2022-02-20 17:59:59,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:59:59,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~36; {9195#true} is VALID [2022-02-20 17:59:59,497 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {9195#true} is VALID [2022-02-20 17:59:59,497 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,497 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1205#return; {9196#false} is VALID [2022-02-20 17:59:59,498 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:59:59,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~9; {9195#true} is VALID [2022-02-20 17:59:59,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle; {9195#true} is VALID [2022-02-20 17:59:59,500 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume 0 == ~index;~retValue_acc~9 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~9; {9195#true} is VALID [2022-02-20 17:59:59,500 INFO L290 TraceCheckUtils]: 3: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,500 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9195#true} {9196#false} #1207#return; {9196#false} is VALID [2022-02-20 17:59:59,500 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:59,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,503 INFO L290 TraceCheckUtils]: 0: Hoare triple {9277#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,503 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,503 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,503 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1209#return; {9196#false} is VALID [2022-02-20 17:59:59,503 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:59:59,504 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~36; {9195#true} is VALID [2022-02-20 17:59:59,505 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {9195#true} is VALID [2022-02-20 17:59:59,505 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,505 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1235#return; {9196#false} is VALID [2022-02-20 17:59:59,505 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:59:59,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,508 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {9195#true} is VALID [2022-02-20 17:59:59,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle; {9195#true} is VALID [2022-02-20 17:59:59,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {9195#true} is VALID [2022-02-20 17:59:59,508 INFO L290 TraceCheckUtils]: 3: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,508 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9195#true} {9196#false} #1237#return; {9196#false} is VALID [2022-02-20 17:59:59,508 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:59:59,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,510 INFO L290 TraceCheckUtils]: 0: Hoare triple {9276#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,510 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,511 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,511 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1243#return; {9196#false} is VALID [2022-02-20 17:59:59,511 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:59:59,511 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,513 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~41; {9195#true} is VALID [2022-02-20 17:59:59,513 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {9195#true} is VALID [2022-02-20 17:59:59,513 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,513 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1245#return; {9196#false} is VALID [2022-02-20 17:59:59,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 17:59:59,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,515 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~11; {9195#true} is VALID [2022-02-20 17:59:59,515 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {9195#true} is VALID [2022-02-20 17:59:59,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,516 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9195#true} {9196#false} #1247#return; {9196#false} is VALID [2022-02-20 17:59:59,516 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {9195#true} is VALID [2022-02-20 17:59:59,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {9195#true} is VALID [2022-02-20 17:59:59,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9195#true} is VALID [2022-02-20 17:59:59,516 INFO L290 TraceCheckUtils]: 3: Hoare triple {9195#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {9195#true} is VALID [2022-02-20 17:59:59,516 INFO L290 TraceCheckUtils]: 4: Hoare triple {9195#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {9195#true} is VALID [2022-02-20 17:59:59,516 INFO L290 TraceCheckUtils]: 5: Hoare triple {9195#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9195#true} is VALID [2022-02-20 17:59:59,517 INFO L272 TraceCheckUtils]: 6: Hoare triple {9195#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9272#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:59,517 INFO L290 TraceCheckUtils]: 7: Hoare triple {9272#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,517 INFO L290 TraceCheckUtils]: 8: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,517 INFO L290 TraceCheckUtils]: 9: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,517 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9195#true} {9195#true} #1279#return; {9195#true} is VALID [2022-02-20 17:59:59,517 INFO L290 TraceCheckUtils]: 11: Hoare triple {9195#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9195#true} is VALID [2022-02-20 17:59:59,517 INFO L272 TraceCheckUtils]: 12: Hoare triple {9195#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9273#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:59,518 INFO L290 TraceCheckUtils]: 13: Hoare triple {9273#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,518 INFO L290 TraceCheckUtils]: 14: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,518 INFO L290 TraceCheckUtils]: 15: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,518 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9195#true} {9195#true} #1281#return; {9195#true} is VALID [2022-02-20 17:59:59,518 INFO L290 TraceCheckUtils]: 17: Hoare triple {9195#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9205#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:59,519 INFO L272 TraceCheckUtils]: 18: Hoare triple {9205#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9272#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:59,519 INFO L290 TraceCheckUtils]: 19: Hoare triple {9272#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9274#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:59,519 INFO L290 TraceCheckUtils]: 20: Hoare triple {9274#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9275#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:59,519 INFO L290 TraceCheckUtils]: 21: Hoare triple {9275#(= |setClientId_#in~handle| 1)} assume true; {9275#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:59,520 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9275#(= |setClientId_#in~handle| 1)} {9205#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1283#return; {9196#false} is VALID [2022-02-20 17:59:59,520 INFO L290 TraceCheckUtils]: 23: Hoare triple {9196#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {9196#false} is VALID [2022-02-20 17:59:59,520 INFO L272 TraceCheckUtils]: 24: Hoare triple {9196#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9273#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:59,520 INFO L290 TraceCheckUtils]: 25: Hoare triple {9273#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,520 INFO L290 TraceCheckUtils]: 26: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,520 INFO L290 TraceCheckUtils]: 27: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,520 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9195#true} {9196#false} #1285#return; {9196#false} is VALID [2022-02-20 17:59:59,520 INFO L290 TraceCheckUtils]: 29: Hoare triple {9196#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9196#false} is VALID [2022-02-20 17:59:59,520 INFO L272 TraceCheckUtils]: 30: Hoare triple {9196#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9272#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:59,520 INFO L290 TraceCheckUtils]: 31: Hoare triple {9272#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,520 INFO L290 TraceCheckUtils]: 32: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 33: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,521 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9195#true} {9196#false} #1287#return; {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 35: Hoare triple {9196#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L272 TraceCheckUtils]: 36: Hoare triple {9196#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9273#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 37: Hoare triple {9273#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 38: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 39: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,521 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9195#true} {9196#false} #1289#return; {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 41: Hoare triple {9196#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 42: Hoare triple {9196#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 43: Hoare triple {9196#false} assume !false; {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 44: Hoare triple {9196#false} assume test_~splverifierCounter~0#1 < 4; {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 45: Hoare triple {9196#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 46: Hoare triple {9196#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 47: Hoare triple {9196#false} assume !(0 != test_~tmp___9~0#1); {9196#false} is VALID [2022-02-20 17:59:59,521 INFO L290 TraceCheckUtils]: 48: Hoare triple {9196#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 49: Hoare triple {9196#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 50: Hoare triple {9196#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 51: Hoare triple {9196#false} assume { :end_inline_setClientAutoResponse } true; {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 52: Hoare triple {9196#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 53: Hoare triple {9196#false} assume !false; {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 54: Hoare triple {9196#false} assume !(test_~splverifierCounter~0#1 < 4); {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 55: Hoare triple {9196#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L272 TraceCheckUtils]: 56: Hoare triple {9196#false} call sendEmail(~bob~0, ~rjh~0); {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 57: Hoare triple {9196#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L272 TraceCheckUtils]: 58: Hoare triple {9196#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9276#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 59: Hoare triple {9276#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 60: Hoare triple {9195#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 61: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,522 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {9195#true} {9196#false} #1221#return; {9196#false} is VALID [2022-02-20 17:59:59,522 INFO L272 TraceCheckUtils]: 63: Hoare triple {9196#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9277#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 64: Hoare triple {9277#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,522 INFO L290 TraceCheckUtils]: 65: Hoare triple {9195#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 66: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,523 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {9195#true} {9196#false} #1223#return; {9196#false} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 68: Hoare triple {9196#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {9196#false} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 69: Hoare triple {9196#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {9196#false} is VALID [2022-02-20 17:59:59,523 INFO L272 TraceCheckUtils]: 70: Hoare triple {9196#false} call outgoing(~sender#1, ~email~0#1); {9196#false} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 71: Hoare triple {9196#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {9196#false} is VALID [2022-02-20 17:59:59,523 INFO L272 TraceCheckUtils]: 72: Hoare triple {9196#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {9195#true} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 73: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~11; {9195#true} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 74: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {9195#true} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 75: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,523 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {9195#true} {9196#false} #1201#return; {9196#false} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 77: Hoare triple {9196#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {9196#false} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 78: Hoare triple {9196#false} assume 0 == sign_~privkey~1#1; {9196#false} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 79: Hoare triple {9196#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {9196#false} is VALID [2022-02-20 17:59:59,523 INFO L272 TraceCheckUtils]: 80: Hoare triple {9196#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {9195#true} is VALID [2022-02-20 17:59:59,523 INFO L290 TraceCheckUtils]: 81: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~5; {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 82: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 83: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {9195#true} {9196#false} #1203#return; {9196#false} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 85: Hoare triple {9196#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {9196#false} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 86: Hoare triple {9196#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {9196#false} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 87: Hoare triple {9196#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret53#1 := puts(22, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret53#1 && outgoing__wrappee__AddressBook_#t~ret53#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret53#1; {9196#false} is VALID [2022-02-20 17:59:59,524 INFO L272 TraceCheckUtils]: 88: Hoare triple {9196#false} call outgoing__wrappee__AddressBook_#t~ret54#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 89: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~36; {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 90: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 91: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {9195#true} {9196#false} #1205#return; {9196#false} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 93: Hoare triple {9196#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret54#1 && outgoing__wrappee__AddressBook_#t~ret54#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret54#1;havoc outgoing__wrappee__AddressBook_#t~ret54#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret55#1 := puts(23, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret55#1 && outgoing__wrappee__AddressBook_#t~ret55#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret55#1; {9196#false} is VALID [2022-02-20 17:59:59,524 INFO L272 TraceCheckUtils]: 94: Hoare triple {9196#false} call outgoing__wrappee__AddressBook_#t~ret56#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 95: Hoare triple {9195#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~9; {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 96: Hoare triple {9195#true} assume 1 == ~handle; {9195#true} is VALID [2022-02-20 17:59:59,524 INFO L290 TraceCheckUtils]: 97: Hoare triple {9195#true} assume 0 == ~index;~retValue_acc~9 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~9; {9195#true} is VALID [2022-02-20 17:59:59,525 INFO L290 TraceCheckUtils]: 98: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,525 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {9195#true} {9196#false} #1207#return; {9196#false} is VALID [2022-02-20 17:59:59,525 INFO L290 TraceCheckUtils]: 100: Hoare triple {9196#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret56#1 && outgoing__wrappee__AddressBook_#t~ret56#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret56#1;havoc outgoing__wrappee__AddressBook_#t~ret56#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {9196#false} is VALID [2022-02-20 17:59:59,525 INFO L272 TraceCheckUtils]: 101: Hoare triple {9196#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {9277#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:59,525 INFO L290 TraceCheckUtils]: 102: Hoare triple {9277#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,525 INFO L290 TraceCheckUtils]: 103: Hoare triple {9195#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,525 INFO L290 TraceCheckUtils]: 104: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,525 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {9195#true} {9196#false} #1209#return; {9196#false} is VALID [2022-02-20 17:59:59,525 INFO L272 TraceCheckUtils]: 106: Hoare triple {9196#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {9196#false} is VALID [2022-02-20 17:59:59,525 INFO L290 TraceCheckUtils]: 107: Hoare triple {9196#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {9196#false} is VALID [2022-02-20 17:59:59,525 INFO L272 TraceCheckUtils]: 108: Hoare triple {9196#false} call #t~ret50#1 := getEmailTo(~msg#1); {9195#true} is VALID [2022-02-20 17:59:59,525 INFO L290 TraceCheckUtils]: 109: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~36; {9195#true} is VALID [2022-02-20 17:59:59,525 INFO L290 TraceCheckUtils]: 110: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {9195#true} is VALID [2022-02-20 17:59:59,525 INFO L290 TraceCheckUtils]: 111: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,525 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {9195#true} {9196#false} #1235#return; {9196#false} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 113: Hoare triple {9196#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {9196#false} is VALID [2022-02-20 17:59:59,526 INFO L272 TraceCheckUtils]: 114: Hoare triple {9196#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {9195#true} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 115: Hoare triple {9195#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {9195#true} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 116: Hoare triple {9195#true} assume 1 == ~handle; {9195#true} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 117: Hoare triple {9195#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {9195#true} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 118: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,526 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {9195#true} {9196#false} #1237#return; {9196#false} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 120: Hoare triple {9196#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {9196#false} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 121: Hoare triple {9196#false} assume !(0 != ~pubkey~0#1); {9196#false} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 122: Hoare triple {9196#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {9196#false} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 123: Hoare triple {9196#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {9196#false} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 124: Hoare triple {9196#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {9196#false} is VALID [2022-02-20 17:59:59,526 INFO L272 TraceCheckUtils]: 125: Hoare triple {9196#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {9276#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 126: Hoare triple {9276#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 127: Hoare triple {9195#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9195#true} is VALID [2022-02-20 17:59:59,526 INFO L290 TraceCheckUtils]: 128: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,526 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {9195#true} {9196#false} #1243#return; {9196#false} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 130: Hoare triple {9196#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {9196#false} is VALID [2022-02-20 17:59:59,527 INFO L272 TraceCheckUtils]: 131: Hoare triple {9196#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {9195#true} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 132: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~41; {9195#true} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 133: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {9195#true} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 134: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,527 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {9195#true} {9196#false} #1245#return; {9196#false} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 136: Hoare triple {9196#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {9196#false} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 137: Hoare triple {9196#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {9196#false} is VALID [2022-02-20 17:59:59,527 INFO L272 TraceCheckUtils]: 138: Hoare triple {9196#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {9195#true} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 139: Hoare triple {9195#true} ~handle := #in~handle;havoc ~retValue_acc~11; {9195#true} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 140: Hoare triple {9195#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {9195#true} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 141: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 17:59:59,527 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {9195#true} {9196#false} #1247#return; {9196#false} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 143: Hoare triple {9196#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {9196#false} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 144: Hoare triple {9196#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {9196#false} is VALID [2022-02-20 17:59:59,527 INFO L290 TraceCheckUtils]: 145: Hoare triple {9196#false} assume !false; {9196#false} is VALID [2022-02-20 17:59:59,528 INFO L134 CoverageAnalysis]: Checked inductivity of 42 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 17:59:59,528 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:59,528 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1699035926] [2022-02-20 17:59:59,528 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1699035926] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:59,528 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1136966967] [2022-02-20 17:59:59,528 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:59,528 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:59,529 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:59,529 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:59,530 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:59:59,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,744 INFO L263 TraceCheckSpWp]: Trace formula consists of 1268 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:59:59,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:59,800 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:00:00,151 INFO L290 TraceCheckUtils]: 0: Hoare triple {9195#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {9195#true} is VALID [2022-02-20 18:00:00,151 INFO L290 TraceCheckUtils]: 1: Hoare triple {9195#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {9195#true} is VALID [2022-02-20 18:00:00,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {9195#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 3: Hoare triple {9195#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 4: Hoare triple {9195#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 5: Hoare triple {9195#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L272 TraceCheckUtils]: 6: Hoare triple {9195#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 7: Hoare triple {9195#true} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 8: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 9: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9195#true} {9195#true} #1279#return; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 11: Hoare triple {9195#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L272 TraceCheckUtils]: 12: Hoare triple {9195#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 13: Hoare triple {9195#true} ~handle := #in~handle;~value := #in~value; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 14: Hoare triple {9195#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L290 TraceCheckUtils]: 15: Hoare triple {9195#true} assume true; {9195#true} is VALID [2022-02-20 18:00:00,152 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9195#true} {9195#true} #1281#return; {9195#true} is VALID [2022-02-20 18:00:00,153 INFO L290 TraceCheckUtils]: 17: Hoare triple {9195#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9332#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:00:00,153 INFO L272 TraceCheckUtils]: 18: Hoare triple {9332#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9195#true} is VALID [2022-02-20 18:00:00,153 INFO L290 TraceCheckUtils]: 19: Hoare triple {9195#true} ~handle := #in~handle;~value := #in~value; {9339#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:00:00,154 INFO L290 TraceCheckUtils]: 20: Hoare triple {9339#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9343#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:00,154 INFO L290 TraceCheckUtils]: 21: Hoare triple {9343#(<= |setClientId_#in~handle| 1)} assume true; {9343#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:00,154 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9343#(<= |setClientId_#in~handle| 1)} {9332#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1283#return; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 23: Hoare triple {9196#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L272 TraceCheckUtils]: 24: Hoare triple {9196#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 25: Hoare triple {9196#false} ~handle := #in~handle;~value := #in~value; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 26: Hoare triple {9196#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 27: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9196#false} {9196#false} #1285#return; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 29: Hoare triple {9196#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L272 TraceCheckUtils]: 30: Hoare triple {9196#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 31: Hoare triple {9196#false} ~handle := #in~handle;~value := #in~value; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 32: Hoare triple {9196#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 33: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9196#false} {9196#false} #1287#return; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 35: Hoare triple {9196#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L272 TraceCheckUtils]: 36: Hoare triple {9196#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 37: Hoare triple {9196#false} ~handle := #in~handle;~value := #in~value; {9196#false} is VALID [2022-02-20 18:00:00,155 INFO L290 TraceCheckUtils]: 38: Hoare triple {9196#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 39: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9196#false} {9196#false} #1289#return; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 41: Hoare triple {9196#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 42: Hoare triple {9196#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 43: Hoare triple {9196#false} assume !false; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 44: Hoare triple {9196#false} assume test_~splverifierCounter~0#1 < 4; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 45: Hoare triple {9196#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 46: Hoare triple {9196#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 47: Hoare triple {9196#false} assume !(0 != test_~tmp___9~0#1); {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 48: Hoare triple {9196#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 49: Hoare triple {9196#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 50: Hoare triple {9196#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 51: Hoare triple {9196#false} assume { :end_inline_setClientAutoResponse } true; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 52: Hoare triple {9196#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 53: Hoare triple {9196#false} assume !false; {9196#false} is VALID [2022-02-20 18:00:00,156 INFO L290 TraceCheckUtils]: 54: Hoare triple {9196#false} assume !(test_~splverifierCounter~0#1 < 4); {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 55: Hoare triple {9196#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L272 TraceCheckUtils]: 56: Hoare triple {9196#false} call sendEmail(~bob~0, ~rjh~0); {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 57: Hoare triple {9196#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L272 TraceCheckUtils]: 58: Hoare triple {9196#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 59: Hoare triple {9196#false} ~handle := #in~handle;~value := #in~value; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 60: Hoare triple {9196#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 61: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {9196#false} {9196#false} #1221#return; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L272 TraceCheckUtils]: 63: Hoare triple {9196#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 64: Hoare triple {9196#false} ~handle := #in~handle;~value := #in~value; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 65: Hoare triple {9196#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 66: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {9196#false} {9196#false} #1223#return; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 68: Hoare triple {9196#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L290 TraceCheckUtils]: 69: Hoare triple {9196#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {9196#false} is VALID [2022-02-20 18:00:00,157 INFO L272 TraceCheckUtils]: 70: Hoare triple {9196#false} call outgoing(~sender#1, ~email~0#1); {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 71: Hoare triple {9196#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L272 TraceCheckUtils]: 72: Hoare triple {9196#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 73: Hoare triple {9196#false} ~handle := #in~handle;havoc ~retValue_acc~11; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 74: Hoare triple {9196#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 75: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {9196#false} {9196#false} #1201#return; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 77: Hoare triple {9196#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 78: Hoare triple {9196#false} assume 0 == sign_~privkey~1#1; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 79: Hoare triple {9196#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L272 TraceCheckUtils]: 80: Hoare triple {9196#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 81: Hoare triple {9196#false} ~handle := #in~handle;havoc ~retValue_acc~5; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 82: Hoare triple {9196#false} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 83: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {9196#false} {9196#false} #1203#return; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 85: Hoare triple {9196#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {9196#false} is VALID [2022-02-20 18:00:00,158 INFO L290 TraceCheckUtils]: 86: Hoare triple {9196#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 87: Hoare triple {9196#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret53#1 := puts(22, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret53#1 && outgoing__wrappee__AddressBook_#t~ret53#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret53#1; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L272 TraceCheckUtils]: 88: Hoare triple {9196#false} call outgoing__wrappee__AddressBook_#t~ret54#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 89: Hoare triple {9196#false} ~handle := #in~handle;havoc ~retValue_acc~36; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 90: Hoare triple {9196#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 91: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {9196#false} {9196#false} #1205#return; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 93: Hoare triple {9196#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret54#1 && outgoing__wrappee__AddressBook_#t~ret54#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret54#1;havoc outgoing__wrappee__AddressBook_#t~ret54#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret55#1 := puts(23, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret55#1 && outgoing__wrappee__AddressBook_#t~ret55#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret55#1; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L272 TraceCheckUtils]: 94: Hoare triple {9196#false} call outgoing__wrappee__AddressBook_#t~ret56#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 95: Hoare triple {9196#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~9; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 96: Hoare triple {9196#false} assume 1 == ~handle; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 97: Hoare triple {9196#false} assume 0 == ~index;~retValue_acc~9 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~9; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 98: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {9196#false} {9196#false} #1207#return; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 100: Hoare triple {9196#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret56#1 && outgoing__wrappee__AddressBook_#t~ret56#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret56#1;havoc outgoing__wrappee__AddressBook_#t~ret56#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L272 TraceCheckUtils]: 101: Hoare triple {9196#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {9196#false} is VALID [2022-02-20 18:00:00,159 INFO L290 TraceCheckUtils]: 102: Hoare triple {9196#false} ~handle := #in~handle;~value := #in~value; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 103: Hoare triple {9196#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 104: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {9196#false} {9196#false} #1209#return; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L272 TraceCheckUtils]: 106: Hoare triple {9196#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 107: Hoare triple {9196#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L272 TraceCheckUtils]: 108: Hoare triple {9196#false} call #t~ret50#1 := getEmailTo(~msg#1); {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 109: Hoare triple {9196#false} ~handle := #in~handle;havoc ~retValue_acc~36; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 110: Hoare triple {9196#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 111: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {9196#false} {9196#false} #1235#return; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 113: Hoare triple {9196#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L272 TraceCheckUtils]: 114: Hoare triple {9196#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 115: Hoare triple {9196#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 116: Hoare triple {9196#false} assume 1 == ~handle; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 117: Hoare triple {9196#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {9196#false} is VALID [2022-02-20 18:00:00,160 INFO L290 TraceCheckUtils]: 118: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {9196#false} {9196#false} #1237#return; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 120: Hoare triple {9196#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 121: Hoare triple {9196#false} assume !(0 != ~pubkey~0#1); {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 122: Hoare triple {9196#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 123: Hoare triple {9196#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 124: Hoare triple {9196#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L272 TraceCheckUtils]: 125: Hoare triple {9196#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 126: Hoare triple {9196#false} ~handle := #in~handle;~value := #in~value; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 127: Hoare triple {9196#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 128: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {9196#false} {9196#false} #1243#return; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 130: Hoare triple {9196#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L272 TraceCheckUtils]: 131: Hoare triple {9196#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 132: Hoare triple {9196#false} ~handle := #in~handle;havoc ~retValue_acc~41; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 133: Hoare triple {9196#false} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {9196#false} is VALID [2022-02-20 18:00:00,161 INFO L290 TraceCheckUtils]: 134: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {9196#false} {9196#false} #1245#return; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L290 TraceCheckUtils]: 136: Hoare triple {9196#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L290 TraceCheckUtils]: 137: Hoare triple {9196#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L272 TraceCheckUtils]: 138: Hoare triple {9196#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L290 TraceCheckUtils]: 139: Hoare triple {9196#false} ~handle := #in~handle;havoc ~retValue_acc~11; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L290 TraceCheckUtils]: 140: Hoare triple {9196#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L290 TraceCheckUtils]: 141: Hoare triple {9196#false} assume true; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {9196#false} {9196#false} #1247#return; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L290 TraceCheckUtils]: 143: Hoare triple {9196#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L290 TraceCheckUtils]: 144: Hoare triple {9196#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L290 TraceCheckUtils]: 145: Hoare triple {9196#false} assume !false; {9196#false} is VALID [2022-02-20 18:00:00,162 INFO L134 CoverageAnalysis]: Checked inductivity of 42 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. [2022-02-20 18:00:00,163 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:00,163 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1136966967] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:00,163 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:00:00,163 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:00:00,163 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2032805872] [2022-02-20 18:00:00,163 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:00,164 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 22.75) internal successors, (91), 5 states have internal predecessors, (91), 3 states have call successors, (21), 2 states have call predecessors, (21), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) Word has length 146 [2022-02-20 18:00:00,164 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:00,164 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 22.75) internal successors, (91), 5 states have internal predecessors, (91), 3 states have call successors, (21), 2 states have call predecessors, (21), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:00:00,241 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 130 edges. 130 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:00,241 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:00:00,242 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:00,242 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:00:00,243 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:00:00,243 INFO L87 Difference]: Start difference. First operand 487 states and 749 transitions. Second operand has 5 states, 4 states have (on average 22.75) internal successors, (91), 5 states have internal predecessors, (91), 3 states have call successors, (21), 2 states have call predecessors, (21), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:00:01,247 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:01,247 INFO L93 Difference]: Finished difference Result 965 states and 1488 transitions. [2022-02-20 18:00:01,247 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:00:01,247 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 22.75) internal successors, (91), 5 states have internal predecessors, (91), 3 states have call successors, (21), 2 states have call predecessors, (21), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) Word has length 146 [2022-02-20 18:00:01,248 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:01,248 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 22.75) internal successors, (91), 5 states have internal predecessors, (91), 3 states have call successors, (21), 2 states have call predecessors, (21), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:00:01,257 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1250 transitions. [2022-02-20 18:00:01,257 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 22.75) internal successors, (91), 5 states have internal predecessors, (91), 3 states have call successors, (21), 2 states have call predecessors, (21), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:00:01,265 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1250 transitions. [2022-02-20 18:00:01,266 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1250 transitions. [2022-02-20 18:00:02,000 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1250 edges. 1250 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:02,013 INFO L225 Difference]: With dead ends: 965 [2022-02-20 18:00:02,013 INFO L226 Difference]: Without dead ends: 489 [2022-02-20 18:00:02,017 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 186 GetRequests, 175 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:00:02,018 INFO L933 BasicCegarLoop]: 621 mSDtfsCounter, 152 mSDsluCounter, 1689 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 175 SdHoareTripleChecker+Valid, 2310 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:02,019 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [175 Valid, 2310 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:00:02,020 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 489 states. [2022-02-20 18:00:02,089 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 489 to 489. [2022-02-20 18:00:02,089 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:02,090 INFO L82 GeneralOperation]: Start isEquivalent. First operand 489 states. Second operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) [2022-02-20 18:00:02,091 INFO L74 IsIncluded]: Start isIncluded. First operand 489 states. Second operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) [2022-02-20 18:00:02,092 INFO L87 Difference]: Start difference. First operand 489 states. Second operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) [2022-02-20 18:00:02,104 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:02,105 INFO L93 Difference]: Finished difference Result 489 states and 752 transitions. [2022-02-20 18:00:02,105 INFO L276 IsEmpty]: Start isEmpty. Operand 489 states and 752 transitions. [2022-02-20 18:00:02,106 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:02,106 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:02,107 INFO L74 IsIncluded]: Start isIncluded. First operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) Second operand 489 states. [2022-02-20 18:00:02,108 INFO L87 Difference]: Start difference. First operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) Second operand 489 states. [2022-02-20 18:00:02,124 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:02,124 INFO L93 Difference]: Finished difference Result 489 states and 752 transitions. [2022-02-20 18:00:02,124 INFO L276 IsEmpty]: Start isEmpty. Operand 489 states and 752 transitions. [2022-02-20 18:00:02,126 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:02,126 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:02,126 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:02,126 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:02,127 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) [2022-02-20 18:00:02,142 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 489 states to 489 states and 752 transitions. [2022-02-20 18:00:02,143 INFO L78 Accepts]: Start accepts. Automaton has 489 states and 752 transitions. Word has length 146 [2022-02-20 18:00:02,143 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:02,143 INFO L470 AbstractCegarLoop]: Abstraction has 489 states and 752 transitions. [2022-02-20 18:00:02,143 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 22.75) internal successors, (91), 5 states have internal predecessors, (91), 3 states have call successors, (21), 2 states have call predecessors, (21), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:00:02,143 INFO L276 IsEmpty]: Start isEmpty. Operand 489 states and 752 transitions. [2022-02-20 18:00:02,147 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 129 [2022-02-20 18:00:02,147 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:02,147 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:02,167 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2022-02-20 18:00:02,361 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:02,362 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:02,362 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:02,362 INFO L85 PathProgramCache]: Analyzing trace with hash -1697933857, now seen corresponding path program 1 times [2022-02-20 18:00:02,362 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:02,362 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1293311142] [2022-02-20 18:00:02,362 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:02,362 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:02,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,437 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:02,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,443 INFO L290 TraceCheckUtils]: 0: Hoare triple {12771#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,443 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,443 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,443 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12705#true} #1279#return; {12705#true} is VALID [2022-02-20 18:00:02,448 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:02,450 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,452 INFO L290 TraceCheckUtils]: 0: Hoare triple {12772#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,452 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,452 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,452 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12705#true} #1281#return; {12705#true} is VALID [2022-02-20 18:00:02,452 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:02,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,466 INFO L290 TraceCheckUtils]: 0: Hoare triple {12771#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12773#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:02,467 INFO L290 TraceCheckUtils]: 1: Hoare triple {12773#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12773#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:02,467 INFO L290 TraceCheckUtils]: 2: Hoare triple {12773#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12774#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:02,467 INFO L290 TraceCheckUtils]: 3: Hoare triple {12774#(= 2 |setClientId_#in~handle|)} assume true; {12774#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:02,468 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12774#(= 2 |setClientId_#in~handle|)} {12715#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1283#return; {12721#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:00:02,468 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:02,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,484 INFO L290 TraceCheckUtils]: 0: Hoare triple {12772#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12775#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:02,484 INFO L290 TraceCheckUtils]: 1: Hoare triple {12775#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12776#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:02,485 INFO L290 TraceCheckUtils]: 2: Hoare triple {12776#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12776#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:02,485 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12776#(= |setClientPrivateKey_#in~handle| 1)} {12721#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1285#return; {12706#false} is VALID [2022-02-20 18:00:02,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:00:02,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {12771#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,492 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1287#return; {12706#false} is VALID [2022-02-20 18:00:02,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:00:02,494 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,496 INFO L290 TraceCheckUtils]: 0: Hoare triple {12772#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,496 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,496 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,496 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1289#return; {12706#false} is VALID [2022-02-20 18:00:02,504 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:00:02,505 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,508 INFO L290 TraceCheckUtils]: 0: Hoare triple {12777#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,509 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1221#return; {12706#false} is VALID [2022-02-20 18:00:02,516 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:00:02,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,519 INFO L290 TraceCheckUtils]: 0: Hoare triple {12778#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,519 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,520 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,520 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1223#return; {12706#false} is VALID [2022-02-20 18:00:02,520 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:00:02,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,522 INFO L290 TraceCheckUtils]: 0: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~11; {12705#true} is VALID [2022-02-20 18:00:02,522 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {12705#true} is VALID [2022-02-20 18:00:02,522 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,523 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1201#return; {12706#false} is VALID [2022-02-20 18:00:02,523 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:00:02,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,526 INFO L290 TraceCheckUtils]: 0: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~5; {12705#true} is VALID [2022-02-20 18:00:02,526 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {12705#true} is VALID [2022-02-20 18:00:02,526 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,526 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1203#return; {12706#false} is VALID [2022-02-20 18:00:02,526 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:00:02,527 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,529 INFO L290 TraceCheckUtils]: 0: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~36; {12705#true} is VALID [2022-02-20 18:00:02,529 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {12705#true} is VALID [2022-02-20 18:00:02,529 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,529 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1235#return; {12706#false} is VALID [2022-02-20 18:00:02,529 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:00:02,530 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,531 INFO L290 TraceCheckUtils]: 0: Hoare triple {12705#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {12705#true} is VALID [2022-02-20 18:00:02,531 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle; {12705#true} is VALID [2022-02-20 18:00:02,532 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {12705#true} is VALID [2022-02-20 18:00:02,532 INFO L290 TraceCheckUtils]: 3: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,532 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12705#true} {12706#false} #1237#return; {12706#false} is VALID [2022-02-20 18:00:02,532 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:00:02,535 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {12777#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,537 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,537 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,537 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1243#return; {12706#false} is VALID [2022-02-20 18:00:02,537 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:00:02,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~41; {12705#true} is VALID [2022-02-20 18:00:02,540 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {12705#true} is VALID [2022-02-20 18:00:02,540 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,541 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1245#return; {12706#false} is VALID [2022-02-20 18:00:02,541 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:00:02,542 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,543 INFO L290 TraceCheckUtils]: 0: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~11; {12705#true} is VALID [2022-02-20 18:00:02,543 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {12705#true} is VALID [2022-02-20 18:00:02,543 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,543 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12705#true} {12706#false} #1247#return; {12706#false} is VALID [2022-02-20 18:00:02,544 INFO L290 TraceCheckUtils]: 0: Hoare triple {12705#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {12705#true} is VALID [2022-02-20 18:00:02,544 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {12705#true} is VALID [2022-02-20 18:00:02,544 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12705#true} is VALID [2022-02-20 18:00:02,544 INFO L290 TraceCheckUtils]: 3: Hoare triple {12705#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {12705#true} is VALID [2022-02-20 18:00:02,544 INFO L290 TraceCheckUtils]: 4: Hoare triple {12705#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {12705#true} is VALID [2022-02-20 18:00:02,544 INFO L290 TraceCheckUtils]: 5: Hoare triple {12705#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12705#true} is VALID [2022-02-20 18:00:02,545 INFO L272 TraceCheckUtils]: 6: Hoare triple {12705#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12771#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:02,545 INFO L290 TraceCheckUtils]: 7: Hoare triple {12771#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,545 INFO L290 TraceCheckUtils]: 8: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,545 INFO L290 TraceCheckUtils]: 9: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,545 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12705#true} {12705#true} #1279#return; {12705#true} is VALID [2022-02-20 18:00:02,546 INFO L290 TraceCheckUtils]: 11: Hoare triple {12705#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12705#true} is VALID [2022-02-20 18:00:02,546 INFO L272 TraceCheckUtils]: 12: Hoare triple {12705#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12772#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:02,546 INFO L290 TraceCheckUtils]: 13: Hoare triple {12772#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,546 INFO L290 TraceCheckUtils]: 14: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,546 INFO L290 TraceCheckUtils]: 15: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,547 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12705#true} {12705#true} #1281#return; {12705#true} is VALID [2022-02-20 18:00:02,547 INFO L290 TraceCheckUtils]: 17: Hoare triple {12705#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12715#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:00:02,548 INFO L272 TraceCheckUtils]: 18: Hoare triple {12715#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12771#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:02,548 INFO L290 TraceCheckUtils]: 19: Hoare triple {12771#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12773#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:02,548 INFO L290 TraceCheckUtils]: 20: Hoare triple {12773#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12773#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:02,548 INFO L290 TraceCheckUtils]: 21: Hoare triple {12773#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12774#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:02,549 INFO L290 TraceCheckUtils]: 22: Hoare triple {12774#(= 2 |setClientId_#in~handle|)} assume true; {12774#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:02,549 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12774#(= 2 |setClientId_#in~handle|)} {12715#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1283#return; {12721#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:00:02,550 INFO L290 TraceCheckUtils]: 24: Hoare triple {12721#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {12721#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:00:02,550 INFO L272 TraceCheckUtils]: 25: Hoare triple {12721#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12772#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:02,550 INFO L290 TraceCheckUtils]: 26: Hoare triple {12772#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12775#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:02,551 INFO L290 TraceCheckUtils]: 27: Hoare triple {12775#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12776#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:02,551 INFO L290 TraceCheckUtils]: 28: Hoare triple {12776#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12776#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:02,551 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12776#(= |setClientPrivateKey_#in~handle| 1)} {12721#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1285#return; {12706#false} is VALID [2022-02-20 18:00:02,552 INFO L290 TraceCheckUtils]: 30: Hoare triple {12706#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12706#false} is VALID [2022-02-20 18:00:02,552 INFO L272 TraceCheckUtils]: 31: Hoare triple {12706#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12771#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:02,552 INFO L290 TraceCheckUtils]: 32: Hoare triple {12771#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,552 INFO L290 TraceCheckUtils]: 33: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,552 INFO L290 TraceCheckUtils]: 34: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,552 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12705#true} {12706#false} #1287#return; {12706#false} is VALID [2022-02-20 18:00:02,552 INFO L290 TraceCheckUtils]: 36: Hoare triple {12706#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12706#false} is VALID [2022-02-20 18:00:02,552 INFO L272 TraceCheckUtils]: 37: Hoare triple {12706#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12772#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:02,553 INFO L290 TraceCheckUtils]: 38: Hoare triple {12772#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,553 INFO L290 TraceCheckUtils]: 39: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,553 INFO L290 TraceCheckUtils]: 40: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,553 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12705#true} {12706#false} #1289#return; {12706#false} is VALID [2022-02-20 18:00:02,553 INFO L290 TraceCheckUtils]: 42: Hoare triple {12706#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {12706#false} is VALID [2022-02-20 18:00:02,553 INFO L290 TraceCheckUtils]: 43: Hoare triple {12706#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12706#false} is VALID [2022-02-20 18:00:02,553 INFO L290 TraceCheckUtils]: 44: Hoare triple {12706#false} assume !false; {12706#false} is VALID [2022-02-20 18:00:02,553 INFO L290 TraceCheckUtils]: 45: Hoare triple {12706#false} assume test_~splverifierCounter~0#1 < 4; {12706#false} is VALID [2022-02-20 18:00:02,554 INFO L290 TraceCheckUtils]: 46: Hoare triple {12706#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12706#false} is VALID [2022-02-20 18:00:02,554 INFO L290 TraceCheckUtils]: 47: Hoare triple {12706#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {12706#false} is VALID [2022-02-20 18:00:02,554 INFO L290 TraceCheckUtils]: 48: Hoare triple {12706#false} assume !(0 != test_~tmp___9~0#1); {12706#false} is VALID [2022-02-20 18:00:02,554 INFO L290 TraceCheckUtils]: 49: Hoare triple {12706#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {12706#false} is VALID [2022-02-20 18:00:02,554 INFO L290 TraceCheckUtils]: 50: Hoare triple {12706#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {12706#false} is VALID [2022-02-20 18:00:02,554 INFO L290 TraceCheckUtils]: 51: Hoare triple {12706#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {12706#false} is VALID [2022-02-20 18:00:02,554 INFO L290 TraceCheckUtils]: 52: Hoare triple {12706#false} assume { :end_inline_setClientAutoResponse } true; {12706#false} is VALID [2022-02-20 18:00:02,554 INFO L290 TraceCheckUtils]: 53: Hoare triple {12706#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {12706#false} is VALID [2022-02-20 18:00:02,555 INFO L290 TraceCheckUtils]: 54: Hoare triple {12706#false} assume !false; {12706#false} is VALID [2022-02-20 18:00:02,555 INFO L290 TraceCheckUtils]: 55: Hoare triple {12706#false} assume !(test_~splverifierCounter~0#1 < 4); {12706#false} is VALID [2022-02-20 18:00:02,555 INFO L290 TraceCheckUtils]: 56: Hoare triple {12706#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {12706#false} is VALID [2022-02-20 18:00:02,555 INFO L272 TraceCheckUtils]: 57: Hoare triple {12706#false} call sendEmail(~bob~0, ~rjh~0); {12706#false} is VALID [2022-02-20 18:00:02,555 INFO L290 TraceCheckUtils]: 58: Hoare triple {12706#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12706#false} is VALID [2022-02-20 18:00:02,555 INFO L272 TraceCheckUtils]: 59: Hoare triple {12706#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12777#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:02,555 INFO L290 TraceCheckUtils]: 60: Hoare triple {12777#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,555 INFO L290 TraceCheckUtils]: 61: Hoare triple {12705#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,556 INFO L290 TraceCheckUtils]: 62: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,556 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12705#true} {12706#false} #1221#return; {12706#false} is VALID [2022-02-20 18:00:02,556 INFO L272 TraceCheckUtils]: 64: Hoare triple {12706#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12778#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:02,556 INFO L290 TraceCheckUtils]: 65: Hoare triple {12778#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,556 INFO L290 TraceCheckUtils]: 66: Hoare triple {12705#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,556 INFO L290 TraceCheckUtils]: 67: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,556 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {12705#true} {12706#false} #1223#return; {12706#false} is VALID [2022-02-20 18:00:02,556 INFO L290 TraceCheckUtils]: 69: Hoare triple {12706#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {12706#false} is VALID [2022-02-20 18:00:02,557 INFO L290 TraceCheckUtils]: 70: Hoare triple {12706#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {12706#false} is VALID [2022-02-20 18:00:02,557 INFO L272 TraceCheckUtils]: 71: Hoare triple {12706#false} call outgoing(~sender#1, ~email~0#1); {12706#false} is VALID [2022-02-20 18:00:02,557 INFO L290 TraceCheckUtils]: 72: Hoare triple {12706#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {12706#false} is VALID [2022-02-20 18:00:02,557 INFO L272 TraceCheckUtils]: 73: Hoare triple {12706#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {12705#true} is VALID [2022-02-20 18:00:02,557 INFO L290 TraceCheckUtils]: 74: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~11; {12705#true} is VALID [2022-02-20 18:00:02,557 INFO L290 TraceCheckUtils]: 75: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {12705#true} is VALID [2022-02-20 18:00:02,557 INFO L290 TraceCheckUtils]: 76: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,557 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {12705#true} {12706#false} #1201#return; {12706#false} is VALID [2022-02-20 18:00:02,558 INFO L290 TraceCheckUtils]: 78: Hoare triple {12706#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {12706#false} is VALID [2022-02-20 18:00:02,558 INFO L290 TraceCheckUtils]: 79: Hoare triple {12706#false} assume 0 == sign_~privkey~1#1; {12706#false} is VALID [2022-02-20 18:00:02,558 INFO L290 TraceCheckUtils]: 80: Hoare triple {12706#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {12706#false} is VALID [2022-02-20 18:00:02,558 INFO L272 TraceCheckUtils]: 81: Hoare triple {12706#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {12705#true} is VALID [2022-02-20 18:00:02,558 INFO L290 TraceCheckUtils]: 82: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~5; {12705#true} is VALID [2022-02-20 18:00:02,558 INFO L290 TraceCheckUtils]: 83: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {12705#true} is VALID [2022-02-20 18:00:02,558 INFO L290 TraceCheckUtils]: 84: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,558 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12705#true} {12706#false} #1203#return; {12706#false} is VALID [2022-02-20 18:00:02,558 INFO L290 TraceCheckUtils]: 86: Hoare triple {12706#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {12706#false} is VALID [2022-02-20 18:00:02,559 INFO L290 TraceCheckUtils]: 87: Hoare triple {12706#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {12706#false} is VALID [2022-02-20 18:00:02,559 INFO L272 TraceCheckUtils]: 88: Hoare triple {12706#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {12706#false} is VALID [2022-02-20 18:00:02,559 INFO L290 TraceCheckUtils]: 89: Hoare triple {12706#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {12706#false} is VALID [2022-02-20 18:00:02,559 INFO L272 TraceCheckUtils]: 90: Hoare triple {12706#false} call #t~ret50#1 := getEmailTo(~msg#1); {12705#true} is VALID [2022-02-20 18:00:02,559 INFO L290 TraceCheckUtils]: 91: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~36; {12705#true} is VALID [2022-02-20 18:00:02,559 INFO L290 TraceCheckUtils]: 92: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {12705#true} is VALID [2022-02-20 18:00:02,559 INFO L290 TraceCheckUtils]: 93: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,559 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {12705#true} {12706#false} #1235#return; {12706#false} is VALID [2022-02-20 18:00:02,560 INFO L290 TraceCheckUtils]: 95: Hoare triple {12706#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {12706#false} is VALID [2022-02-20 18:00:02,569 INFO L272 TraceCheckUtils]: 96: Hoare triple {12706#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {12705#true} is VALID [2022-02-20 18:00:02,570 INFO L290 TraceCheckUtils]: 97: Hoare triple {12705#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {12705#true} is VALID [2022-02-20 18:00:02,570 INFO L290 TraceCheckUtils]: 98: Hoare triple {12705#true} assume 1 == ~handle; {12705#true} is VALID [2022-02-20 18:00:02,570 INFO L290 TraceCheckUtils]: 99: Hoare triple {12705#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {12705#true} is VALID [2022-02-20 18:00:02,570 INFO L290 TraceCheckUtils]: 100: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,570 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {12705#true} {12706#false} #1237#return; {12706#false} is VALID [2022-02-20 18:00:02,570 INFO L290 TraceCheckUtils]: 102: Hoare triple {12706#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {12706#false} is VALID [2022-02-20 18:00:02,571 INFO L290 TraceCheckUtils]: 103: Hoare triple {12706#false} assume !(0 != ~pubkey~0#1); {12706#false} is VALID [2022-02-20 18:00:02,571 INFO L290 TraceCheckUtils]: 104: Hoare triple {12706#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {12706#false} is VALID [2022-02-20 18:00:02,571 INFO L290 TraceCheckUtils]: 105: Hoare triple {12706#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {12706#false} is VALID [2022-02-20 18:00:02,571 INFO L290 TraceCheckUtils]: 106: Hoare triple {12706#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {12706#false} is VALID [2022-02-20 18:00:02,571 INFO L272 TraceCheckUtils]: 107: Hoare triple {12706#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {12777#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:02,571 INFO L290 TraceCheckUtils]: 108: Hoare triple {12777#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:02,571 INFO L290 TraceCheckUtils]: 109: Hoare triple {12705#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:02,571 INFO L290 TraceCheckUtils]: 110: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,572 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {12705#true} {12706#false} #1243#return; {12706#false} is VALID [2022-02-20 18:00:02,572 INFO L290 TraceCheckUtils]: 112: Hoare triple {12706#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {12706#false} is VALID [2022-02-20 18:00:02,572 INFO L272 TraceCheckUtils]: 113: Hoare triple {12706#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {12705#true} is VALID [2022-02-20 18:00:02,572 INFO L290 TraceCheckUtils]: 114: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~41; {12705#true} is VALID [2022-02-20 18:00:02,572 INFO L290 TraceCheckUtils]: 115: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {12705#true} is VALID [2022-02-20 18:00:02,572 INFO L290 TraceCheckUtils]: 116: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,572 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {12705#true} {12706#false} #1245#return; {12706#false} is VALID [2022-02-20 18:00:02,572 INFO L290 TraceCheckUtils]: 118: Hoare triple {12706#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {12706#false} is VALID [2022-02-20 18:00:02,573 INFO L290 TraceCheckUtils]: 119: Hoare triple {12706#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {12706#false} is VALID [2022-02-20 18:00:02,573 INFO L272 TraceCheckUtils]: 120: Hoare triple {12706#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {12705#true} is VALID [2022-02-20 18:00:02,573 INFO L290 TraceCheckUtils]: 121: Hoare triple {12705#true} ~handle := #in~handle;havoc ~retValue_acc~11; {12705#true} is VALID [2022-02-20 18:00:02,573 INFO L290 TraceCheckUtils]: 122: Hoare triple {12705#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {12705#true} is VALID [2022-02-20 18:00:02,573 INFO L290 TraceCheckUtils]: 123: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:02,573 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {12705#true} {12706#false} #1247#return; {12706#false} is VALID [2022-02-20 18:00:02,573 INFO L290 TraceCheckUtils]: 125: Hoare triple {12706#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {12706#false} is VALID [2022-02-20 18:00:02,573 INFO L290 TraceCheckUtils]: 126: Hoare triple {12706#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {12706#false} is VALID [2022-02-20 18:00:02,574 INFO L290 TraceCheckUtils]: 127: Hoare triple {12706#false} assume !false; {12706#false} is VALID [2022-02-20 18:00:02,574 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:00:02,574 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:02,574 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1293311142] [2022-02-20 18:00:02,574 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1293311142] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:02,574 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [519046087] [2022-02-20 18:00:02,575 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:02,575 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:02,575 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:02,592 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:02,593 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:00:02,812 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,816 INFO L263 TraceCheckSpWp]: Trace formula consists of 1188 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:00:02,851 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:02,855 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:00:03,111 INFO L290 TraceCheckUtils]: 0: Hoare triple {12705#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L290 TraceCheckUtils]: 1: Hoare triple {12705#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L290 TraceCheckUtils]: 2: Hoare triple {12705#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L290 TraceCheckUtils]: 3: Hoare triple {12705#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L290 TraceCheckUtils]: 4: Hoare triple {12705#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L290 TraceCheckUtils]: 5: Hoare triple {12705#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L272 TraceCheckUtils]: 6: Hoare triple {12705#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L290 TraceCheckUtils]: 7: Hoare triple {12705#true} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L290 TraceCheckUtils]: 8: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L290 TraceCheckUtils]: 9: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:03,111 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12705#true} {12705#true} #1279#return; {12705#true} is VALID [2022-02-20 18:00:03,112 INFO L290 TraceCheckUtils]: 11: Hoare triple {12705#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12705#true} is VALID [2022-02-20 18:00:03,112 INFO L272 TraceCheckUtils]: 12: Hoare triple {12705#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12705#true} is VALID [2022-02-20 18:00:03,112 INFO L290 TraceCheckUtils]: 13: Hoare triple {12705#true} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:03,112 INFO L290 TraceCheckUtils]: 14: Hoare triple {12705#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:03,112 INFO L290 TraceCheckUtils]: 15: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:03,112 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12705#true} {12705#true} #1281#return; {12705#true} is VALID [2022-02-20 18:00:03,114 INFO L290 TraceCheckUtils]: 17: Hoare triple {12705#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12833#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:00:03,114 INFO L272 TraceCheckUtils]: 18: Hoare triple {12833#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12705#true} is VALID [2022-02-20 18:00:03,115 INFO L290 TraceCheckUtils]: 19: Hoare triple {12705#true} ~handle := #in~handle;~value := #in~value; {12705#true} is VALID [2022-02-20 18:00:03,115 INFO L290 TraceCheckUtils]: 20: Hoare triple {12705#true} assume !(1 == ~handle); {12705#true} is VALID [2022-02-20 18:00:03,115 INFO L290 TraceCheckUtils]: 21: Hoare triple {12705#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12705#true} is VALID [2022-02-20 18:00:03,115 INFO L290 TraceCheckUtils]: 22: Hoare triple {12705#true} assume true; {12705#true} is VALID [2022-02-20 18:00:03,123 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12705#true} {12833#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1283#return; {12833#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:00:03,123 INFO L290 TraceCheckUtils]: 24: Hoare triple {12833#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {12833#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:00:03,123 INFO L272 TraceCheckUtils]: 25: Hoare triple {12833#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12705#true} is VALID [2022-02-20 18:00:03,124 INFO L290 TraceCheckUtils]: 26: Hoare triple {12705#true} ~handle := #in~handle;~value := #in~value; {12861#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:00:03,124 INFO L290 TraceCheckUtils]: 27: Hoare triple {12861#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12865#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:03,124 INFO L290 TraceCheckUtils]: 28: Hoare triple {12865#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {12865#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:03,125 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12865#(<= |setClientPrivateKey_#in~handle| 1)} {12833#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1285#return; {12706#false} is VALID [2022-02-20 18:00:03,125 INFO L290 TraceCheckUtils]: 30: Hoare triple {12706#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12706#false} is VALID [2022-02-20 18:00:03,125 INFO L272 TraceCheckUtils]: 31: Hoare triple {12706#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12706#false} is VALID [2022-02-20 18:00:03,125 INFO L290 TraceCheckUtils]: 32: Hoare triple {12706#false} ~handle := #in~handle;~value := #in~value; {12706#false} is VALID [2022-02-20 18:00:03,126 INFO L290 TraceCheckUtils]: 33: Hoare triple {12706#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12706#false} is VALID [2022-02-20 18:00:03,126 INFO L290 TraceCheckUtils]: 34: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,126 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12706#false} {12706#false} #1287#return; {12706#false} is VALID [2022-02-20 18:00:03,126 INFO L290 TraceCheckUtils]: 36: Hoare triple {12706#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12706#false} is VALID [2022-02-20 18:00:03,126 INFO L272 TraceCheckUtils]: 37: Hoare triple {12706#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12706#false} is VALID [2022-02-20 18:00:03,126 INFO L290 TraceCheckUtils]: 38: Hoare triple {12706#false} ~handle := #in~handle;~value := #in~value; {12706#false} is VALID [2022-02-20 18:00:03,126 INFO L290 TraceCheckUtils]: 39: Hoare triple {12706#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12706#false} is VALID [2022-02-20 18:00:03,126 INFO L290 TraceCheckUtils]: 40: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,127 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12706#false} {12706#false} #1289#return; {12706#false} is VALID [2022-02-20 18:00:03,127 INFO L290 TraceCheckUtils]: 42: Hoare triple {12706#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {12706#false} is VALID [2022-02-20 18:00:03,127 INFO L290 TraceCheckUtils]: 43: Hoare triple {12706#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12706#false} is VALID [2022-02-20 18:00:03,127 INFO L290 TraceCheckUtils]: 44: Hoare triple {12706#false} assume !false; {12706#false} is VALID [2022-02-20 18:00:03,127 INFO L290 TraceCheckUtils]: 45: Hoare triple {12706#false} assume test_~splverifierCounter~0#1 < 4; {12706#false} is VALID [2022-02-20 18:00:03,127 INFO L290 TraceCheckUtils]: 46: Hoare triple {12706#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12706#false} is VALID [2022-02-20 18:00:03,127 INFO L290 TraceCheckUtils]: 47: Hoare triple {12706#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {12706#false} is VALID [2022-02-20 18:00:03,127 INFO L290 TraceCheckUtils]: 48: Hoare triple {12706#false} assume !(0 != test_~tmp___9~0#1); {12706#false} is VALID [2022-02-20 18:00:03,128 INFO L290 TraceCheckUtils]: 49: Hoare triple {12706#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {12706#false} is VALID [2022-02-20 18:00:03,128 INFO L290 TraceCheckUtils]: 50: Hoare triple {12706#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {12706#false} is VALID [2022-02-20 18:00:03,128 INFO L290 TraceCheckUtils]: 51: Hoare triple {12706#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {12706#false} is VALID [2022-02-20 18:00:03,128 INFO L290 TraceCheckUtils]: 52: Hoare triple {12706#false} assume { :end_inline_setClientAutoResponse } true; {12706#false} is VALID [2022-02-20 18:00:03,128 INFO L290 TraceCheckUtils]: 53: Hoare triple {12706#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {12706#false} is VALID [2022-02-20 18:00:03,128 INFO L290 TraceCheckUtils]: 54: Hoare triple {12706#false} assume !false; {12706#false} is VALID [2022-02-20 18:00:03,128 INFO L290 TraceCheckUtils]: 55: Hoare triple {12706#false} assume !(test_~splverifierCounter~0#1 < 4); {12706#false} is VALID [2022-02-20 18:00:03,128 INFO L290 TraceCheckUtils]: 56: Hoare triple {12706#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {12706#false} is VALID [2022-02-20 18:00:03,128 INFO L272 TraceCheckUtils]: 57: Hoare triple {12706#false} call sendEmail(~bob~0, ~rjh~0); {12706#false} is VALID [2022-02-20 18:00:03,129 INFO L290 TraceCheckUtils]: 58: Hoare triple {12706#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12706#false} is VALID [2022-02-20 18:00:03,129 INFO L272 TraceCheckUtils]: 59: Hoare triple {12706#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12706#false} is VALID [2022-02-20 18:00:03,129 INFO L290 TraceCheckUtils]: 60: Hoare triple {12706#false} ~handle := #in~handle;~value := #in~value; {12706#false} is VALID [2022-02-20 18:00:03,129 INFO L290 TraceCheckUtils]: 61: Hoare triple {12706#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12706#false} is VALID [2022-02-20 18:00:03,129 INFO L290 TraceCheckUtils]: 62: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,129 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12706#false} {12706#false} #1221#return; {12706#false} is VALID [2022-02-20 18:00:03,129 INFO L272 TraceCheckUtils]: 64: Hoare triple {12706#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12706#false} is VALID [2022-02-20 18:00:03,129 INFO L290 TraceCheckUtils]: 65: Hoare triple {12706#false} ~handle := #in~handle;~value := #in~value; {12706#false} is VALID [2022-02-20 18:00:03,130 INFO L290 TraceCheckUtils]: 66: Hoare triple {12706#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12706#false} is VALID [2022-02-20 18:00:03,130 INFO L290 TraceCheckUtils]: 67: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,130 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {12706#false} {12706#false} #1223#return; {12706#false} is VALID [2022-02-20 18:00:03,130 INFO L290 TraceCheckUtils]: 69: Hoare triple {12706#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {12706#false} is VALID [2022-02-20 18:00:03,130 INFO L290 TraceCheckUtils]: 70: Hoare triple {12706#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {12706#false} is VALID [2022-02-20 18:00:03,130 INFO L272 TraceCheckUtils]: 71: Hoare triple {12706#false} call outgoing(~sender#1, ~email~0#1); {12706#false} is VALID [2022-02-20 18:00:03,130 INFO L290 TraceCheckUtils]: 72: Hoare triple {12706#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {12706#false} is VALID [2022-02-20 18:00:03,130 INFO L272 TraceCheckUtils]: 73: Hoare triple {12706#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {12706#false} is VALID [2022-02-20 18:00:03,131 INFO L290 TraceCheckUtils]: 74: Hoare triple {12706#false} ~handle := #in~handle;havoc ~retValue_acc~11; {12706#false} is VALID [2022-02-20 18:00:03,131 INFO L290 TraceCheckUtils]: 75: Hoare triple {12706#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {12706#false} is VALID [2022-02-20 18:00:03,131 INFO L290 TraceCheckUtils]: 76: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,131 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {12706#false} {12706#false} #1201#return; {12706#false} is VALID [2022-02-20 18:00:03,131 INFO L290 TraceCheckUtils]: 78: Hoare triple {12706#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {12706#false} is VALID [2022-02-20 18:00:03,131 INFO L290 TraceCheckUtils]: 79: Hoare triple {12706#false} assume 0 == sign_~privkey~1#1; {12706#false} is VALID [2022-02-20 18:00:03,131 INFO L290 TraceCheckUtils]: 80: Hoare triple {12706#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {12706#false} is VALID [2022-02-20 18:00:03,131 INFO L272 TraceCheckUtils]: 81: Hoare triple {12706#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {12706#false} is VALID [2022-02-20 18:00:03,132 INFO L290 TraceCheckUtils]: 82: Hoare triple {12706#false} ~handle := #in~handle;havoc ~retValue_acc~5; {12706#false} is VALID [2022-02-20 18:00:03,132 INFO L290 TraceCheckUtils]: 83: Hoare triple {12706#false} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {12706#false} is VALID [2022-02-20 18:00:03,132 INFO L290 TraceCheckUtils]: 84: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,132 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12706#false} {12706#false} #1203#return; {12706#false} is VALID [2022-02-20 18:00:03,132 INFO L290 TraceCheckUtils]: 86: Hoare triple {12706#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {12706#false} is VALID [2022-02-20 18:00:03,132 INFO L290 TraceCheckUtils]: 87: Hoare triple {12706#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {12706#false} is VALID [2022-02-20 18:00:03,132 INFO L272 TraceCheckUtils]: 88: Hoare triple {12706#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {12706#false} is VALID [2022-02-20 18:00:03,132 INFO L290 TraceCheckUtils]: 89: Hoare triple {12706#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {12706#false} is VALID [2022-02-20 18:00:03,133 INFO L272 TraceCheckUtils]: 90: Hoare triple {12706#false} call #t~ret50#1 := getEmailTo(~msg#1); {12706#false} is VALID [2022-02-20 18:00:03,133 INFO L290 TraceCheckUtils]: 91: Hoare triple {12706#false} ~handle := #in~handle;havoc ~retValue_acc~36; {12706#false} is VALID [2022-02-20 18:00:03,133 INFO L290 TraceCheckUtils]: 92: Hoare triple {12706#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {12706#false} is VALID [2022-02-20 18:00:03,133 INFO L290 TraceCheckUtils]: 93: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,133 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {12706#false} {12706#false} #1235#return; {12706#false} is VALID [2022-02-20 18:00:03,133 INFO L290 TraceCheckUtils]: 95: Hoare triple {12706#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {12706#false} is VALID [2022-02-20 18:00:03,133 INFO L272 TraceCheckUtils]: 96: Hoare triple {12706#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {12706#false} is VALID [2022-02-20 18:00:03,133 INFO L290 TraceCheckUtils]: 97: Hoare triple {12706#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {12706#false} is VALID [2022-02-20 18:00:03,133 INFO L290 TraceCheckUtils]: 98: Hoare triple {12706#false} assume 1 == ~handle; {12706#false} is VALID [2022-02-20 18:00:03,134 INFO L290 TraceCheckUtils]: 99: Hoare triple {12706#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {12706#false} is VALID [2022-02-20 18:00:03,134 INFO L290 TraceCheckUtils]: 100: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,134 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {12706#false} {12706#false} #1237#return; {12706#false} is VALID [2022-02-20 18:00:03,134 INFO L290 TraceCheckUtils]: 102: Hoare triple {12706#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {12706#false} is VALID [2022-02-20 18:00:03,134 INFO L290 TraceCheckUtils]: 103: Hoare triple {12706#false} assume !(0 != ~pubkey~0#1); {12706#false} is VALID [2022-02-20 18:00:03,134 INFO L290 TraceCheckUtils]: 104: Hoare triple {12706#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {12706#false} is VALID [2022-02-20 18:00:03,134 INFO L290 TraceCheckUtils]: 105: Hoare triple {12706#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {12706#false} is VALID [2022-02-20 18:00:03,134 INFO L290 TraceCheckUtils]: 106: Hoare triple {12706#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {12706#false} is VALID [2022-02-20 18:00:03,135 INFO L272 TraceCheckUtils]: 107: Hoare triple {12706#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {12706#false} is VALID [2022-02-20 18:00:03,135 INFO L290 TraceCheckUtils]: 108: Hoare triple {12706#false} ~handle := #in~handle;~value := #in~value; {12706#false} is VALID [2022-02-20 18:00:03,135 INFO L290 TraceCheckUtils]: 109: Hoare triple {12706#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12706#false} is VALID [2022-02-20 18:00:03,135 INFO L290 TraceCheckUtils]: 110: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,135 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {12706#false} {12706#false} #1243#return; {12706#false} is VALID [2022-02-20 18:00:03,135 INFO L290 TraceCheckUtils]: 112: Hoare triple {12706#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {12706#false} is VALID [2022-02-20 18:00:03,135 INFO L272 TraceCheckUtils]: 113: Hoare triple {12706#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {12706#false} is VALID [2022-02-20 18:00:03,135 INFO L290 TraceCheckUtils]: 114: Hoare triple {12706#false} ~handle := #in~handle;havoc ~retValue_acc~41; {12706#false} is VALID [2022-02-20 18:00:03,136 INFO L290 TraceCheckUtils]: 115: Hoare triple {12706#false} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {12706#false} is VALID [2022-02-20 18:00:03,136 INFO L290 TraceCheckUtils]: 116: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,136 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {12706#false} {12706#false} #1245#return; {12706#false} is VALID [2022-02-20 18:00:03,136 INFO L290 TraceCheckUtils]: 118: Hoare triple {12706#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {12706#false} is VALID [2022-02-20 18:00:03,136 INFO L290 TraceCheckUtils]: 119: Hoare triple {12706#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {12706#false} is VALID [2022-02-20 18:00:03,136 INFO L272 TraceCheckUtils]: 120: Hoare triple {12706#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {12706#false} is VALID [2022-02-20 18:00:03,136 INFO L290 TraceCheckUtils]: 121: Hoare triple {12706#false} ~handle := #in~handle;havoc ~retValue_acc~11; {12706#false} is VALID [2022-02-20 18:00:03,136 INFO L290 TraceCheckUtils]: 122: Hoare triple {12706#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {12706#false} is VALID [2022-02-20 18:00:03,137 INFO L290 TraceCheckUtils]: 123: Hoare triple {12706#false} assume true; {12706#false} is VALID [2022-02-20 18:00:03,137 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {12706#false} {12706#false} #1247#return; {12706#false} is VALID [2022-02-20 18:00:03,137 INFO L290 TraceCheckUtils]: 125: Hoare triple {12706#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {12706#false} is VALID [2022-02-20 18:00:03,137 INFO L290 TraceCheckUtils]: 126: Hoare triple {12706#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {12706#false} is VALID [2022-02-20 18:00:03,137 INFO L290 TraceCheckUtils]: 127: Hoare triple {12706#false} assume !false; {12706#false} is VALID [2022-02-20 18:00:03,137 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2022-02-20 18:00:03,137 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:03,138 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [519046087] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:03,138 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:00:03,138 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:00:03,138 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1409234437] [2022-02-20 18:00:03,138 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:03,139 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 3 states have call successors, (15) Word has length 128 [2022-02-20 18:00:03,139 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:03,139 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:03,205 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 119 edges. 119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:03,205 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:00:03,205 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:03,206 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:00:03,206 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:00:03,206 INFO L87 Difference]: Start difference. First operand 489 states and 752 transitions. Second operand has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:04,298 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:04,298 INFO L93 Difference]: Finished difference Result 967 states and 1493 transitions. [2022-02-20 18:00:04,298 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:00:04,298 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 3 states have call successors, (15) Word has length 128 [2022-02-20 18:00:04,299 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:04,299 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:04,308 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1249 transitions. [2022-02-20 18:00:04,308 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:04,317 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1249 transitions. [2022-02-20 18:00:04,317 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1249 transitions. [2022-02-20 18:00:05,082 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1249 edges. 1249 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:05,095 INFO L225 Difference]: With dead ends: 967 [2022-02-20 18:00:05,095 INFO L226 Difference]: Without dead ends: 491 [2022-02-20 18:00:05,097 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 164 GetRequests, 150 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:00:05,098 INFO L933 BasicCegarLoop]: 619 mSDtfsCounter, 151 mSDsluCounter, 1680 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 174 SdHoareTripleChecker+Valid, 2299 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:05,098 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [174 Valid, 2299 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:00:05,100 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 491 states. [2022-02-20 18:00:05,188 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 491 to 491. [2022-02-20 18:00:05,188 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:05,189 INFO L82 GeneralOperation]: Start isEquivalent. First operand 491 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 18:00:05,190 INFO L74 IsIncluded]: Start isIncluded. First operand 491 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 18:00:05,192 INFO L87 Difference]: Start difference. First operand 491 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 18:00:05,204 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:05,204 INFO L93 Difference]: Finished difference Result 491 states and 758 transitions. [2022-02-20 18:00:05,204 INFO L276 IsEmpty]: Start isEmpty. Operand 491 states and 758 transitions. [2022-02-20 18:00:05,205 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:05,205 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:05,206 INFO L74 IsIncluded]: Start isIncluded. First operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) Second operand 491 states. [2022-02-20 18:00:05,207 INFO L87 Difference]: Start difference. First operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) Second operand 491 states. [2022-02-20 18:00:05,221 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:05,222 INFO L93 Difference]: Finished difference Result 491 states and 758 transitions. [2022-02-20 18:00:05,222 INFO L276 IsEmpty]: Start isEmpty. Operand 491 states and 758 transitions. [2022-02-20 18:00:05,224 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:05,225 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:05,225 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:05,225 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:05,226 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 18:00:05,240 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 491 states to 491 states and 758 transitions. [2022-02-20 18:00:05,241 INFO L78 Accepts]: Start accepts. Automaton has 491 states and 758 transitions. Word has length 128 [2022-02-20 18:00:05,242 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:05,242 INFO L470 AbstractCegarLoop]: Abstraction has 491 states and 758 transitions. [2022-02-20 18:00:05,242 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:05,242 INFO L276 IsEmpty]: Start isEmpty. Operand 491 states and 758 transitions. [2022-02-20 18:00:05,243 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 130 [2022-02-20 18:00:05,244 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:05,244 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:05,265 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:00:05,465 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:05,465 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:05,465 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:05,466 INFO L85 PathProgramCache]: Analyzing trace with hash 588920322, now seen corresponding path program 1 times [2022-02-20 18:00:05,466 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:05,466 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1954897650] [2022-02-20 18:00:05,466 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:05,466 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:05,492 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,519 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:05,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,522 INFO L290 TraceCheckUtils]: 0: Hoare triple {16224#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,522 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,522 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,522 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16158#true} #1279#return; {16158#true} is VALID [2022-02-20 18:00:05,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:05,528 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,530 INFO L290 TraceCheckUtils]: 0: Hoare triple {16225#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,530 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,530 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,531 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16158#true} #1281#return; {16158#true} is VALID [2022-02-20 18:00:05,531 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:05,533 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {16224#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,535 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume !(1 == ~handle); {16158#true} is VALID [2022-02-20 18:00:05,535 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,535 INFO L290 TraceCheckUtils]: 3: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,535 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16158#true} {16158#true} #1283#return; {16158#true} is VALID [2022-02-20 18:00:05,535 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:05,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {16225#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,540 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume !(1 == ~handle); {16158#true} is VALID [2022-02-20 18:00:05,540 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,540 INFO L290 TraceCheckUtils]: 3: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,540 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16158#true} {16158#true} #1285#return; {16158#true} is VALID [2022-02-20 18:00:05,540 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:05,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,555 INFO L290 TraceCheckUtils]: 0: Hoare triple {16224#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16226#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:05,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {16226#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16227#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:05,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {16227#(= |setClientId_#in~handle| 1)} assume true; {16227#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:05,556 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16227#(= |setClientId_#in~handle| 1)} {16178#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1287#return; {16159#false} is VALID [2022-02-20 18:00:05,556 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:00:05,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {16225#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,560 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,560 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16159#false} #1289#return; {16159#false} is VALID [2022-02-20 18:00:05,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:00:05,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,568 INFO L290 TraceCheckUtils]: 0: Hoare triple {16228#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,568 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,568 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,569 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16159#false} #1221#return; {16159#false} is VALID [2022-02-20 18:00:05,575 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:00:05,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,579 INFO L290 TraceCheckUtils]: 0: Hoare triple {16229#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,579 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,579 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,579 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16159#false} #1223#return; {16159#false} is VALID [2022-02-20 18:00:05,579 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:00:05,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,582 INFO L290 TraceCheckUtils]: 0: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~11; {16158#true} is VALID [2022-02-20 18:00:05,582 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {16158#true} is VALID [2022-02-20 18:00:05,583 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,583 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16159#false} #1201#return; {16159#false} is VALID [2022-02-20 18:00:05,583 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:00:05,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,585 INFO L290 TraceCheckUtils]: 0: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~5; {16158#true} is VALID [2022-02-20 18:00:05,585 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {16158#true} is VALID [2022-02-20 18:00:05,585 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,586 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16159#false} #1203#return; {16159#false} is VALID [2022-02-20 18:00:05,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:00:05,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,588 INFO L290 TraceCheckUtils]: 0: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~36; {16158#true} is VALID [2022-02-20 18:00:05,589 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {16158#true} is VALID [2022-02-20 18:00:05,589 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,589 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16159#false} #1235#return; {16159#false} is VALID [2022-02-20 18:00:05,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:00:05,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {16158#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {16158#true} is VALID [2022-02-20 18:00:05,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle; {16158#true} is VALID [2022-02-20 18:00:05,593 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {16158#true} is VALID [2022-02-20 18:00:05,593 INFO L290 TraceCheckUtils]: 3: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,593 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16158#true} {16159#false} #1237#return; {16159#false} is VALID [2022-02-20 18:00:05,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:00:05,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,596 INFO L290 TraceCheckUtils]: 0: Hoare triple {16228#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,596 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,597 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16159#false} #1243#return; {16159#false} is VALID [2022-02-20 18:00:05,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:00:05,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,601 INFO L290 TraceCheckUtils]: 0: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~41; {16158#true} is VALID [2022-02-20 18:00:05,601 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {16158#true} is VALID [2022-02-20 18:00:05,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,601 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16159#false} #1245#return; {16159#false} is VALID [2022-02-20 18:00:05,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 18:00:05,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:05,605 INFO L290 TraceCheckUtils]: 0: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~11; {16158#true} is VALID [2022-02-20 18:00:05,605 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {16158#true} is VALID [2022-02-20 18:00:05,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,606 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16158#true} {16159#false} #1247#return; {16159#false} is VALID [2022-02-20 18:00:05,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {16158#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {16158#true} is VALID [2022-02-20 18:00:05,606 INFO L290 TraceCheckUtils]: 1: Hoare triple {16158#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {16158#true} is VALID [2022-02-20 18:00:05,606 INFO L290 TraceCheckUtils]: 2: Hoare triple {16158#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16158#true} is VALID [2022-02-20 18:00:05,606 INFO L290 TraceCheckUtils]: 3: Hoare triple {16158#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {16158#true} is VALID [2022-02-20 18:00:05,606 INFO L290 TraceCheckUtils]: 4: Hoare triple {16158#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {16158#true} is VALID [2022-02-20 18:00:05,606 INFO L290 TraceCheckUtils]: 5: Hoare triple {16158#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {16158#true} is VALID [2022-02-20 18:00:05,607 INFO L272 TraceCheckUtils]: 6: Hoare triple {16158#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16224#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:05,607 INFO L290 TraceCheckUtils]: 7: Hoare triple {16224#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,607 INFO L290 TraceCheckUtils]: 8: Hoare triple {16158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,607 INFO L290 TraceCheckUtils]: 9: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,608 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {16158#true} {16158#true} #1279#return; {16158#true} is VALID [2022-02-20 18:00:05,608 INFO L290 TraceCheckUtils]: 11: Hoare triple {16158#true} assume { :end_inline_setup_bob__wrappee__Base } true; {16158#true} is VALID [2022-02-20 18:00:05,608 INFO L272 TraceCheckUtils]: 12: Hoare triple {16158#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16225#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:05,608 INFO L290 TraceCheckUtils]: 13: Hoare triple {16225#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,609 INFO L290 TraceCheckUtils]: 14: Hoare triple {16158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,609 INFO L290 TraceCheckUtils]: 15: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,609 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16158#true} {16158#true} #1281#return; {16158#true} is VALID [2022-02-20 18:00:05,609 INFO L290 TraceCheckUtils]: 17: Hoare triple {16158#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {16158#true} is VALID [2022-02-20 18:00:05,609 INFO L272 TraceCheckUtils]: 18: Hoare triple {16158#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16224#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:05,610 INFO L290 TraceCheckUtils]: 19: Hoare triple {16224#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,610 INFO L290 TraceCheckUtils]: 20: Hoare triple {16158#true} assume !(1 == ~handle); {16158#true} is VALID [2022-02-20 18:00:05,610 INFO L290 TraceCheckUtils]: 21: Hoare triple {16158#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,610 INFO L290 TraceCheckUtils]: 22: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,610 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {16158#true} {16158#true} #1283#return; {16158#true} is VALID [2022-02-20 18:00:05,610 INFO L290 TraceCheckUtils]: 24: Hoare triple {16158#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {16158#true} is VALID [2022-02-20 18:00:05,611 INFO L272 TraceCheckUtils]: 25: Hoare triple {16158#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16225#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:05,611 INFO L290 TraceCheckUtils]: 26: Hoare triple {16225#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,611 INFO L290 TraceCheckUtils]: 27: Hoare triple {16158#true} assume !(1 == ~handle); {16158#true} is VALID [2022-02-20 18:00:05,611 INFO L290 TraceCheckUtils]: 28: Hoare triple {16158#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,611 INFO L290 TraceCheckUtils]: 29: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,611 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {16158#true} {16158#true} #1285#return; {16158#true} is VALID [2022-02-20 18:00:05,612 INFO L290 TraceCheckUtils]: 31: Hoare triple {16158#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {16178#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:05,612 INFO L272 TraceCheckUtils]: 32: Hoare triple {16178#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {16224#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:05,613 INFO L290 TraceCheckUtils]: 33: Hoare triple {16224#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16226#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:05,613 INFO L290 TraceCheckUtils]: 34: Hoare triple {16226#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16227#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:05,613 INFO L290 TraceCheckUtils]: 35: Hoare triple {16227#(= |setClientId_#in~handle| 1)} assume true; {16227#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:05,614 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {16227#(= |setClientId_#in~handle| 1)} {16178#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1287#return; {16159#false} is VALID [2022-02-20 18:00:05,614 INFO L290 TraceCheckUtils]: 37: Hoare triple {16159#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {16159#false} is VALID [2022-02-20 18:00:05,614 INFO L272 TraceCheckUtils]: 38: Hoare triple {16159#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16225#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:05,614 INFO L290 TraceCheckUtils]: 39: Hoare triple {16225#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,614 INFO L290 TraceCheckUtils]: 40: Hoare triple {16158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,614 INFO L290 TraceCheckUtils]: 41: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,614 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {16158#true} {16159#false} #1289#return; {16159#false} is VALID [2022-02-20 18:00:05,615 INFO L290 TraceCheckUtils]: 43: Hoare triple {16159#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {16159#false} is VALID [2022-02-20 18:00:05,615 INFO L290 TraceCheckUtils]: 44: Hoare triple {16159#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16159#false} is VALID [2022-02-20 18:00:05,615 INFO L290 TraceCheckUtils]: 45: Hoare triple {16159#false} assume !false; {16159#false} is VALID [2022-02-20 18:00:05,615 INFO L290 TraceCheckUtils]: 46: Hoare triple {16159#false} assume test_~splverifierCounter~0#1 < 4; {16159#false} is VALID [2022-02-20 18:00:05,615 INFO L290 TraceCheckUtils]: 47: Hoare triple {16159#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16159#false} is VALID [2022-02-20 18:00:05,615 INFO L290 TraceCheckUtils]: 48: Hoare triple {16159#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {16159#false} is VALID [2022-02-20 18:00:05,615 INFO L290 TraceCheckUtils]: 49: Hoare triple {16159#false} assume !(0 != test_~tmp___9~0#1); {16159#false} is VALID [2022-02-20 18:00:05,615 INFO L290 TraceCheckUtils]: 50: Hoare triple {16159#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {16159#false} is VALID [2022-02-20 18:00:05,616 INFO L290 TraceCheckUtils]: 51: Hoare triple {16159#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {16159#false} is VALID [2022-02-20 18:00:05,616 INFO L290 TraceCheckUtils]: 52: Hoare triple {16159#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {16159#false} is VALID [2022-02-20 18:00:05,616 INFO L290 TraceCheckUtils]: 53: Hoare triple {16159#false} assume { :end_inline_setClientAutoResponse } true; {16159#false} is VALID [2022-02-20 18:00:05,616 INFO L290 TraceCheckUtils]: 54: Hoare triple {16159#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {16159#false} is VALID [2022-02-20 18:00:05,616 INFO L290 TraceCheckUtils]: 55: Hoare triple {16159#false} assume !false; {16159#false} is VALID [2022-02-20 18:00:05,616 INFO L290 TraceCheckUtils]: 56: Hoare triple {16159#false} assume !(test_~splverifierCounter~0#1 < 4); {16159#false} is VALID [2022-02-20 18:00:05,616 INFO L290 TraceCheckUtils]: 57: Hoare triple {16159#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {16159#false} is VALID [2022-02-20 18:00:05,616 INFO L272 TraceCheckUtils]: 58: Hoare triple {16159#false} call sendEmail(~bob~0, ~rjh~0); {16159#false} is VALID [2022-02-20 18:00:05,617 INFO L290 TraceCheckUtils]: 59: Hoare triple {16159#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16159#false} is VALID [2022-02-20 18:00:05,617 INFO L272 TraceCheckUtils]: 60: Hoare triple {16159#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16228#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:05,617 INFO L290 TraceCheckUtils]: 61: Hoare triple {16228#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,617 INFO L290 TraceCheckUtils]: 62: Hoare triple {16158#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,617 INFO L290 TraceCheckUtils]: 63: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,618 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {16158#true} {16159#false} #1221#return; {16159#false} is VALID [2022-02-20 18:00:05,618 INFO L272 TraceCheckUtils]: 65: Hoare triple {16159#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {16229#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:05,618 INFO L290 TraceCheckUtils]: 66: Hoare triple {16229#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,618 INFO L290 TraceCheckUtils]: 67: Hoare triple {16158#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,618 INFO L290 TraceCheckUtils]: 68: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,618 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {16158#true} {16159#false} #1223#return; {16159#false} is VALID [2022-02-20 18:00:05,618 INFO L290 TraceCheckUtils]: 70: Hoare triple {16159#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {16159#false} is VALID [2022-02-20 18:00:05,619 INFO L290 TraceCheckUtils]: 71: Hoare triple {16159#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {16159#false} is VALID [2022-02-20 18:00:05,619 INFO L272 TraceCheckUtils]: 72: Hoare triple {16159#false} call outgoing(~sender#1, ~email~0#1); {16159#false} is VALID [2022-02-20 18:00:05,619 INFO L290 TraceCheckUtils]: 73: Hoare triple {16159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {16159#false} is VALID [2022-02-20 18:00:05,619 INFO L272 TraceCheckUtils]: 74: Hoare triple {16159#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {16158#true} is VALID [2022-02-20 18:00:05,619 INFO L290 TraceCheckUtils]: 75: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~11; {16158#true} is VALID [2022-02-20 18:00:05,619 INFO L290 TraceCheckUtils]: 76: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {16158#true} is VALID [2022-02-20 18:00:05,619 INFO L290 TraceCheckUtils]: 77: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,619 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {16158#true} {16159#false} #1201#return; {16159#false} is VALID [2022-02-20 18:00:05,620 INFO L290 TraceCheckUtils]: 79: Hoare triple {16159#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {16159#false} is VALID [2022-02-20 18:00:05,620 INFO L290 TraceCheckUtils]: 80: Hoare triple {16159#false} assume 0 == sign_~privkey~1#1; {16159#false} is VALID [2022-02-20 18:00:05,620 INFO L290 TraceCheckUtils]: 81: Hoare triple {16159#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {16159#false} is VALID [2022-02-20 18:00:05,620 INFO L272 TraceCheckUtils]: 82: Hoare triple {16159#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {16158#true} is VALID [2022-02-20 18:00:05,620 INFO L290 TraceCheckUtils]: 83: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~5; {16158#true} is VALID [2022-02-20 18:00:05,620 INFO L290 TraceCheckUtils]: 84: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {16158#true} is VALID [2022-02-20 18:00:05,620 INFO L290 TraceCheckUtils]: 85: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,620 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {16158#true} {16159#false} #1203#return; {16159#false} is VALID [2022-02-20 18:00:05,620 INFO L290 TraceCheckUtils]: 87: Hoare triple {16159#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {16159#false} is VALID [2022-02-20 18:00:05,621 INFO L290 TraceCheckUtils]: 88: Hoare triple {16159#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {16159#false} is VALID [2022-02-20 18:00:05,621 INFO L272 TraceCheckUtils]: 89: Hoare triple {16159#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {16159#false} is VALID [2022-02-20 18:00:05,621 INFO L290 TraceCheckUtils]: 90: Hoare triple {16159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {16159#false} is VALID [2022-02-20 18:00:05,621 INFO L272 TraceCheckUtils]: 91: Hoare triple {16159#false} call #t~ret50#1 := getEmailTo(~msg#1); {16158#true} is VALID [2022-02-20 18:00:05,621 INFO L290 TraceCheckUtils]: 92: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~36; {16158#true} is VALID [2022-02-20 18:00:05,621 INFO L290 TraceCheckUtils]: 93: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {16158#true} is VALID [2022-02-20 18:00:05,621 INFO L290 TraceCheckUtils]: 94: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,621 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {16158#true} {16159#false} #1235#return; {16159#false} is VALID [2022-02-20 18:00:05,622 INFO L290 TraceCheckUtils]: 96: Hoare triple {16159#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {16159#false} is VALID [2022-02-20 18:00:05,622 INFO L272 TraceCheckUtils]: 97: Hoare triple {16159#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {16158#true} is VALID [2022-02-20 18:00:05,622 INFO L290 TraceCheckUtils]: 98: Hoare triple {16158#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {16158#true} is VALID [2022-02-20 18:00:05,622 INFO L290 TraceCheckUtils]: 99: Hoare triple {16158#true} assume 1 == ~handle; {16158#true} is VALID [2022-02-20 18:00:05,622 INFO L290 TraceCheckUtils]: 100: Hoare triple {16158#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {16158#true} is VALID [2022-02-20 18:00:05,622 INFO L290 TraceCheckUtils]: 101: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,622 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {16158#true} {16159#false} #1237#return; {16159#false} is VALID [2022-02-20 18:00:05,622 INFO L290 TraceCheckUtils]: 103: Hoare triple {16159#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {16159#false} is VALID [2022-02-20 18:00:05,622 INFO L290 TraceCheckUtils]: 104: Hoare triple {16159#false} assume !(0 != ~pubkey~0#1); {16159#false} is VALID [2022-02-20 18:00:05,623 INFO L290 TraceCheckUtils]: 105: Hoare triple {16159#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {16159#false} is VALID [2022-02-20 18:00:05,623 INFO L290 TraceCheckUtils]: 106: Hoare triple {16159#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {16159#false} is VALID [2022-02-20 18:00:05,623 INFO L290 TraceCheckUtils]: 107: Hoare triple {16159#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {16159#false} is VALID [2022-02-20 18:00:05,623 INFO L272 TraceCheckUtils]: 108: Hoare triple {16159#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {16228#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:05,623 INFO L290 TraceCheckUtils]: 109: Hoare triple {16228#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16158#true} is VALID [2022-02-20 18:00:05,623 INFO L290 TraceCheckUtils]: 110: Hoare triple {16158#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16158#true} is VALID [2022-02-20 18:00:05,623 INFO L290 TraceCheckUtils]: 111: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,623 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {16158#true} {16159#false} #1243#return; {16159#false} is VALID [2022-02-20 18:00:05,624 INFO L290 TraceCheckUtils]: 113: Hoare triple {16159#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {16159#false} is VALID [2022-02-20 18:00:05,624 INFO L272 TraceCheckUtils]: 114: Hoare triple {16159#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {16158#true} is VALID [2022-02-20 18:00:05,624 INFO L290 TraceCheckUtils]: 115: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~41; {16158#true} is VALID [2022-02-20 18:00:05,624 INFO L290 TraceCheckUtils]: 116: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {16158#true} is VALID [2022-02-20 18:00:05,624 INFO L290 TraceCheckUtils]: 117: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,624 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {16158#true} {16159#false} #1245#return; {16159#false} is VALID [2022-02-20 18:00:05,624 INFO L290 TraceCheckUtils]: 119: Hoare triple {16159#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {16159#false} is VALID [2022-02-20 18:00:05,624 INFO L290 TraceCheckUtils]: 120: Hoare triple {16159#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {16159#false} is VALID [2022-02-20 18:00:05,625 INFO L272 TraceCheckUtils]: 121: Hoare triple {16159#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {16158#true} is VALID [2022-02-20 18:00:05,625 INFO L290 TraceCheckUtils]: 122: Hoare triple {16158#true} ~handle := #in~handle;havoc ~retValue_acc~11; {16158#true} is VALID [2022-02-20 18:00:05,625 INFO L290 TraceCheckUtils]: 123: Hoare triple {16158#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {16158#true} is VALID [2022-02-20 18:00:05,625 INFO L290 TraceCheckUtils]: 124: Hoare triple {16158#true} assume true; {16158#true} is VALID [2022-02-20 18:00:05,625 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {16158#true} {16159#false} #1247#return; {16159#false} is VALID [2022-02-20 18:00:05,625 INFO L290 TraceCheckUtils]: 126: Hoare triple {16159#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {16159#false} is VALID [2022-02-20 18:00:05,625 INFO L290 TraceCheckUtils]: 127: Hoare triple {16159#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {16159#false} is VALID [2022-02-20 18:00:05,625 INFO L290 TraceCheckUtils]: 128: Hoare triple {16159#false} assume !false; {16159#false} is VALID [2022-02-20 18:00:05,626 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:00:05,626 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:05,626 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1954897650] [2022-02-20 18:00:05,626 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1954897650] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:05,626 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:05,626 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:00:05,626 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1159293177] [2022-02-20 18:00:05,627 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:05,627 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) Word has length 129 [2022-02-20 18:00:05,627 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:05,628 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:05,706 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 115 edges. 115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:05,706 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:00:05,706 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:05,706 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:00:05,706 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:00:05,707 INFO L87 Difference]: Start difference. First operand 491 states and 758 transitions. Second operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:13,709 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:13,709 INFO L93 Difference]: Finished difference Result 1093 states and 1709 transitions. [2022-02-20 18:00:13,709 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:00:13,710 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) Word has length 129 [2022-02-20 18:00:13,710 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:13,710 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:13,723 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1457 transitions. [2022-02-20 18:00:13,724 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:13,737 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1457 transitions. [2022-02-20 18:00:13,737 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1457 transitions. [2022-02-20 18:00:14,945 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1457 edges. 1457 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:14,967 INFO L225 Difference]: With dead ends: 1093 [2022-02-20 18:00:14,968 INFO L226 Difference]: Without dead ends: 625 [2022-02-20 18:00:14,969 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 48 GetRequests, 33 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:00:14,970 INFO L933 BasicCegarLoop]: 691 mSDtfsCounter, 1554 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2310 mSolverCounterSat, 562 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1574 SdHoareTripleChecker+Valid, 1677 SdHoareTripleChecker+Invalid, 2872 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 562 IncrementalHoareTripleChecker+Valid, 2310 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.4s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:14,970 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1574 Valid, 1677 Invalid, 2872 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [562 Valid, 2310 Invalid, 0 Unknown, 0 Unchecked, 3.4s Time] [2022-02-20 18:00:14,971 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 625 states. [2022-02-20 18:00:15,089 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 625 to 491. [2022-02-20 18:00:15,089 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:15,091 INFO L82 GeneralOperation]: Start isEquivalent. First operand 625 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) [2022-02-20 18:00:15,092 INFO L74 IsIncluded]: Start isIncluded. First operand 625 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) [2022-02-20 18:00:15,093 INFO L87 Difference]: Start difference. First operand 625 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) [2022-02-20 18:00:15,115 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:15,115 INFO L93 Difference]: Finished difference Result 625 states and 982 transitions. [2022-02-20 18:00:15,115 INFO L276 IsEmpty]: Start isEmpty. Operand 625 states and 982 transitions. [2022-02-20 18:00:15,118 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:15,118 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:15,119 INFO L74 IsIncluded]: Start isIncluded. First operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) Second operand 625 states. [2022-02-20 18:00:15,135 INFO L87 Difference]: Start difference. First operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) Second operand 625 states. [2022-02-20 18:00:15,158 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:15,158 INFO L93 Difference]: Finished difference Result 625 states and 982 transitions. [2022-02-20 18:00:15,158 INFO L276 IsEmpty]: Start isEmpty. Operand 625 states and 982 transitions. [2022-02-20 18:00:15,161 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:15,161 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:15,161 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:15,161 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:15,163 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) [2022-02-20 18:00:15,179 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 491 states to 491 states and 757 transitions. [2022-02-20 18:00:15,179 INFO L78 Accepts]: Start accepts. Automaton has 491 states and 757 transitions. Word has length 129 [2022-02-20 18:00:15,179 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:15,179 INFO L470 AbstractCegarLoop]: Abstraction has 491 states and 757 transitions. [2022-02-20 18:00:15,180 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:15,180 INFO L276 IsEmpty]: Start isEmpty. Operand 491 states and 757 transitions. [2022-02-20 18:00:15,181 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 131 [2022-02-20 18:00:15,182 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:15,182 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:15,182 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:00:15,182 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:15,183 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:15,183 INFO L85 PathProgramCache]: Analyzing trace with hash 34869954, now seen corresponding path program 2 times [2022-02-20 18:00:15,183 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:15,183 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [258141845] [2022-02-20 18:00:15,183 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:15,183 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:15,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,225 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:15,227 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {19767#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,229 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,229 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,229 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19700#true} #1279#return; {19700#true} is VALID [2022-02-20 18:00:15,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:15,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,237 INFO L290 TraceCheckUtils]: 0: Hoare triple {19768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,237 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,238 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,238 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19700#true} #1281#return; {19700#true} is VALID [2022-02-20 18:00:15,238 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:15,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,241 INFO L290 TraceCheckUtils]: 0: Hoare triple {19767#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,241 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume !(1 == ~handle); {19700#true} is VALID [2022-02-20 18:00:15,241 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,241 INFO L290 TraceCheckUtils]: 3: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,242 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19700#true} {19700#true} #1283#return; {19700#true} is VALID [2022-02-20 18:00:15,242 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:15,244 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,247 INFO L290 TraceCheckUtils]: 0: Hoare triple {19768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,247 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume !(1 == ~handle); {19700#true} is VALID [2022-02-20 18:00:15,247 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,247 INFO L290 TraceCheckUtils]: 3: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,247 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19700#true} {19700#true} #1285#return; {19700#true} is VALID [2022-02-20 18:00:15,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:15,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {19767#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19769#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,261 INFO L290 TraceCheckUtils]: 1: Hoare triple {19769#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19769#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,261 INFO L290 TraceCheckUtils]: 2: Hoare triple {19769#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19770#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,261 INFO L290 TraceCheckUtils]: 3: Hoare triple {19770#(= 2 |setClientId_#in~handle|)} assume true; {19770#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,262 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19770#(= 2 |setClientId_#in~handle|)} {19720#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1287#return; {19701#false} is VALID [2022-02-20 18:00:15,262 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:00:15,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,266 INFO L290 TraceCheckUtils]: 0: Hoare triple {19768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,266 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,266 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,266 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19701#false} #1289#return; {19701#false} is VALID [2022-02-20 18:00:15,271 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:00:15,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,274 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19701#false} #1221#return; {19701#false} is VALID [2022-02-20 18:00:15,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:00:15,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {19772#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19701#false} #1223#return; {19701#false} is VALID [2022-02-20 18:00:15,284 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:00:15,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,287 INFO L290 TraceCheckUtils]: 0: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~11; {19700#true} is VALID [2022-02-20 18:00:15,288 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {19700#true} is VALID [2022-02-20 18:00:15,288 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,288 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19701#false} #1201#return; {19701#false} is VALID [2022-02-20 18:00:15,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:00:15,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,291 INFO L290 TraceCheckUtils]: 0: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~5; {19700#true} is VALID [2022-02-20 18:00:15,291 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {19700#true} is VALID [2022-02-20 18:00:15,291 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,291 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19701#false} #1203#return; {19701#false} is VALID [2022-02-20 18:00:15,291 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:00:15,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~36; {19700#true} is VALID [2022-02-20 18:00:15,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {19700#true} is VALID [2022-02-20 18:00:15,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,294 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19701#false} #1235#return; {19701#false} is VALID [2022-02-20 18:00:15,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:00:15,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {19700#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {19700#true} is VALID [2022-02-20 18:00:15,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle; {19700#true} is VALID [2022-02-20 18:00:15,297 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {19700#true} is VALID [2022-02-20 18:00:15,297 INFO L290 TraceCheckUtils]: 3: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,297 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19700#true} {19701#false} #1237#return; {19701#false} is VALID [2022-02-20 18:00:15,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:00:15,298 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,299 INFO L290 TraceCheckUtils]: 0: Hoare triple {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,300 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19701#false} #1243#return; {19701#false} is VALID [2022-02-20 18:00:15,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 18:00:15,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,303 INFO L290 TraceCheckUtils]: 0: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~41; {19700#true} is VALID [2022-02-20 18:00:15,303 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {19700#true} is VALID [2022-02-20 18:00:15,304 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,304 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19701#false} #1245#return; {19701#false} is VALID [2022-02-20 18:00:15,304 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:00:15,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:15,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~11; {19700#true} is VALID [2022-02-20 18:00:15,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {19700#true} is VALID [2022-02-20 18:00:15,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,307 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19700#true} {19701#false} #1247#return; {19701#false} is VALID [2022-02-20 18:00:15,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {19700#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {19700#true} is VALID [2022-02-20 18:00:15,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {19700#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {19700#true} is VALID [2022-02-20 18:00:15,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {19700#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19700#true} is VALID [2022-02-20 18:00:15,307 INFO L290 TraceCheckUtils]: 3: Hoare triple {19700#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {19700#true} is VALID [2022-02-20 18:00:15,308 INFO L290 TraceCheckUtils]: 4: Hoare triple {19700#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {19700#true} is VALID [2022-02-20 18:00:15,308 INFO L290 TraceCheckUtils]: 5: Hoare triple {19700#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19700#true} is VALID [2022-02-20 18:00:15,308 INFO L272 TraceCheckUtils]: 6: Hoare triple {19700#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19767#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:15,308 INFO L290 TraceCheckUtils]: 7: Hoare triple {19767#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,308 INFO L290 TraceCheckUtils]: 8: Hoare triple {19700#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,309 INFO L290 TraceCheckUtils]: 9: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,309 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19700#true} {19700#true} #1279#return; {19700#true} is VALID [2022-02-20 18:00:15,309 INFO L290 TraceCheckUtils]: 11: Hoare triple {19700#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19700#true} is VALID [2022-02-20 18:00:15,309 INFO L272 TraceCheckUtils]: 12: Hoare triple {19700#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:15,309 INFO L290 TraceCheckUtils]: 13: Hoare triple {19768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,310 INFO L290 TraceCheckUtils]: 14: Hoare triple {19700#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,310 INFO L290 TraceCheckUtils]: 15: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,310 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19700#true} {19700#true} #1281#return; {19700#true} is VALID [2022-02-20 18:00:15,310 INFO L290 TraceCheckUtils]: 17: Hoare triple {19700#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19700#true} is VALID [2022-02-20 18:00:15,310 INFO L272 TraceCheckUtils]: 18: Hoare triple {19700#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19767#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:15,311 INFO L290 TraceCheckUtils]: 19: Hoare triple {19767#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,311 INFO L290 TraceCheckUtils]: 20: Hoare triple {19700#true} assume !(1 == ~handle); {19700#true} is VALID [2022-02-20 18:00:15,311 INFO L290 TraceCheckUtils]: 21: Hoare triple {19700#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,311 INFO L290 TraceCheckUtils]: 22: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,311 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19700#true} {19700#true} #1283#return; {19700#true} is VALID [2022-02-20 18:00:15,311 INFO L290 TraceCheckUtils]: 24: Hoare triple {19700#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19700#true} is VALID [2022-02-20 18:00:15,312 INFO L272 TraceCheckUtils]: 25: Hoare triple {19700#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:15,312 INFO L290 TraceCheckUtils]: 26: Hoare triple {19768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,312 INFO L290 TraceCheckUtils]: 27: Hoare triple {19700#true} assume !(1 == ~handle); {19700#true} is VALID [2022-02-20 18:00:15,312 INFO L290 TraceCheckUtils]: 28: Hoare triple {19700#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,312 INFO L290 TraceCheckUtils]: 29: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,312 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19700#true} {19700#true} #1285#return; {19700#true} is VALID [2022-02-20 18:00:15,313 INFO L290 TraceCheckUtils]: 31: Hoare triple {19700#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19720#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:15,313 INFO L272 TraceCheckUtils]: 32: Hoare triple {19720#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19767#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:15,314 INFO L290 TraceCheckUtils]: 33: Hoare triple {19767#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19769#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,314 INFO L290 TraceCheckUtils]: 34: Hoare triple {19769#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19769#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,314 INFO L290 TraceCheckUtils]: 35: Hoare triple {19769#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19770#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,315 INFO L290 TraceCheckUtils]: 36: Hoare triple {19770#(= 2 |setClientId_#in~handle|)} assume true; {19770#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:15,315 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {19770#(= 2 |setClientId_#in~handle|)} {19720#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1287#return; {19701#false} is VALID [2022-02-20 18:00:15,315 INFO L290 TraceCheckUtils]: 38: Hoare triple {19701#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {19701#false} is VALID [2022-02-20 18:00:15,315 INFO L272 TraceCheckUtils]: 39: Hoare triple {19701#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:15,315 INFO L290 TraceCheckUtils]: 40: Hoare triple {19768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,316 INFO L290 TraceCheckUtils]: 41: Hoare triple {19700#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,316 INFO L290 TraceCheckUtils]: 42: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,316 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {19700#true} {19701#false} #1289#return; {19701#false} is VALID [2022-02-20 18:00:15,316 INFO L290 TraceCheckUtils]: 44: Hoare triple {19701#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {19701#false} is VALID [2022-02-20 18:00:15,316 INFO L290 TraceCheckUtils]: 45: Hoare triple {19701#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19701#false} is VALID [2022-02-20 18:00:15,316 INFO L290 TraceCheckUtils]: 46: Hoare triple {19701#false} assume !false; {19701#false} is VALID [2022-02-20 18:00:15,316 INFO L290 TraceCheckUtils]: 47: Hoare triple {19701#false} assume test_~splverifierCounter~0#1 < 4; {19701#false} is VALID [2022-02-20 18:00:15,317 INFO L290 TraceCheckUtils]: 48: Hoare triple {19701#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19701#false} is VALID [2022-02-20 18:00:15,317 INFO L290 TraceCheckUtils]: 49: Hoare triple {19701#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {19701#false} is VALID [2022-02-20 18:00:15,317 INFO L290 TraceCheckUtils]: 50: Hoare triple {19701#false} assume !(0 != test_~tmp___9~0#1); {19701#false} is VALID [2022-02-20 18:00:15,317 INFO L290 TraceCheckUtils]: 51: Hoare triple {19701#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {19701#false} is VALID [2022-02-20 18:00:15,317 INFO L290 TraceCheckUtils]: 52: Hoare triple {19701#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {19701#false} is VALID [2022-02-20 18:00:15,317 INFO L290 TraceCheckUtils]: 53: Hoare triple {19701#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {19701#false} is VALID [2022-02-20 18:00:15,317 INFO L290 TraceCheckUtils]: 54: Hoare triple {19701#false} assume { :end_inline_setClientAutoResponse } true; {19701#false} is VALID [2022-02-20 18:00:15,317 INFO L290 TraceCheckUtils]: 55: Hoare triple {19701#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {19701#false} is VALID [2022-02-20 18:00:15,317 INFO L290 TraceCheckUtils]: 56: Hoare triple {19701#false} assume !false; {19701#false} is VALID [2022-02-20 18:00:15,318 INFO L290 TraceCheckUtils]: 57: Hoare triple {19701#false} assume !(test_~splverifierCounter~0#1 < 4); {19701#false} is VALID [2022-02-20 18:00:15,318 INFO L290 TraceCheckUtils]: 58: Hoare triple {19701#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {19701#false} is VALID [2022-02-20 18:00:15,318 INFO L272 TraceCheckUtils]: 59: Hoare triple {19701#false} call sendEmail(~bob~0, ~rjh~0); {19701#false} is VALID [2022-02-20 18:00:15,318 INFO L290 TraceCheckUtils]: 60: Hoare triple {19701#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19701#false} is VALID [2022-02-20 18:00:15,318 INFO L272 TraceCheckUtils]: 61: Hoare triple {19701#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:15,318 INFO L290 TraceCheckUtils]: 62: Hoare triple {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,318 INFO L290 TraceCheckUtils]: 63: Hoare triple {19700#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,319 INFO L290 TraceCheckUtils]: 64: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,319 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {19700#true} {19701#false} #1221#return; {19701#false} is VALID [2022-02-20 18:00:15,319 INFO L272 TraceCheckUtils]: 66: Hoare triple {19701#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19772#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:15,319 INFO L290 TraceCheckUtils]: 67: Hoare triple {19772#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,319 INFO L290 TraceCheckUtils]: 68: Hoare triple {19700#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,319 INFO L290 TraceCheckUtils]: 69: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,319 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {19700#true} {19701#false} #1223#return; {19701#false} is VALID [2022-02-20 18:00:15,319 INFO L290 TraceCheckUtils]: 71: Hoare triple {19701#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {19701#false} is VALID [2022-02-20 18:00:15,320 INFO L290 TraceCheckUtils]: 72: Hoare triple {19701#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {19701#false} is VALID [2022-02-20 18:00:15,320 INFO L272 TraceCheckUtils]: 73: Hoare triple {19701#false} call outgoing(~sender#1, ~email~0#1); {19701#false} is VALID [2022-02-20 18:00:15,320 INFO L290 TraceCheckUtils]: 74: Hoare triple {19701#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {19701#false} is VALID [2022-02-20 18:00:15,320 INFO L272 TraceCheckUtils]: 75: Hoare triple {19701#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {19700#true} is VALID [2022-02-20 18:00:15,320 INFO L290 TraceCheckUtils]: 76: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~11; {19700#true} is VALID [2022-02-20 18:00:15,320 INFO L290 TraceCheckUtils]: 77: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {19700#true} is VALID [2022-02-20 18:00:15,320 INFO L290 TraceCheckUtils]: 78: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,320 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {19700#true} {19701#false} #1201#return; {19701#false} is VALID [2022-02-20 18:00:15,320 INFO L290 TraceCheckUtils]: 80: Hoare triple {19701#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {19701#false} is VALID [2022-02-20 18:00:15,321 INFO L290 TraceCheckUtils]: 81: Hoare triple {19701#false} assume 0 == sign_~privkey~1#1; {19701#false} is VALID [2022-02-20 18:00:15,321 INFO L290 TraceCheckUtils]: 82: Hoare triple {19701#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {19701#false} is VALID [2022-02-20 18:00:15,321 INFO L272 TraceCheckUtils]: 83: Hoare triple {19701#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {19700#true} is VALID [2022-02-20 18:00:15,321 INFO L290 TraceCheckUtils]: 84: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~5; {19700#true} is VALID [2022-02-20 18:00:15,321 INFO L290 TraceCheckUtils]: 85: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {19700#true} is VALID [2022-02-20 18:00:15,321 INFO L290 TraceCheckUtils]: 86: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,321 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {19700#true} {19701#false} #1203#return; {19701#false} is VALID [2022-02-20 18:00:15,322 INFO L290 TraceCheckUtils]: 88: Hoare triple {19701#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {19701#false} is VALID [2022-02-20 18:00:15,322 INFO L290 TraceCheckUtils]: 89: Hoare triple {19701#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {19701#false} is VALID [2022-02-20 18:00:15,322 INFO L272 TraceCheckUtils]: 90: Hoare triple {19701#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {19701#false} is VALID [2022-02-20 18:00:15,322 INFO L290 TraceCheckUtils]: 91: Hoare triple {19701#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {19701#false} is VALID [2022-02-20 18:00:15,322 INFO L272 TraceCheckUtils]: 92: Hoare triple {19701#false} call #t~ret50#1 := getEmailTo(~msg#1); {19700#true} is VALID [2022-02-20 18:00:15,322 INFO L290 TraceCheckUtils]: 93: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~36; {19700#true} is VALID [2022-02-20 18:00:15,322 INFO L290 TraceCheckUtils]: 94: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {19700#true} is VALID [2022-02-20 18:00:15,323 INFO L290 TraceCheckUtils]: 95: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,323 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {19700#true} {19701#false} #1235#return; {19701#false} is VALID [2022-02-20 18:00:15,323 INFO L290 TraceCheckUtils]: 97: Hoare triple {19701#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {19701#false} is VALID [2022-02-20 18:00:15,323 INFO L272 TraceCheckUtils]: 98: Hoare triple {19701#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {19700#true} is VALID [2022-02-20 18:00:15,323 INFO L290 TraceCheckUtils]: 99: Hoare triple {19700#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {19700#true} is VALID [2022-02-20 18:00:15,323 INFO L290 TraceCheckUtils]: 100: Hoare triple {19700#true} assume 1 == ~handle; {19700#true} is VALID [2022-02-20 18:00:15,323 INFO L290 TraceCheckUtils]: 101: Hoare triple {19700#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {19700#true} is VALID [2022-02-20 18:00:15,323 INFO L290 TraceCheckUtils]: 102: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,324 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {19700#true} {19701#false} #1237#return; {19701#false} is VALID [2022-02-20 18:00:15,324 INFO L290 TraceCheckUtils]: 104: Hoare triple {19701#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {19701#false} is VALID [2022-02-20 18:00:15,324 INFO L290 TraceCheckUtils]: 105: Hoare triple {19701#false} assume !(0 != ~pubkey~0#1); {19701#false} is VALID [2022-02-20 18:00:15,324 INFO L290 TraceCheckUtils]: 106: Hoare triple {19701#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {19701#false} is VALID [2022-02-20 18:00:15,324 INFO L290 TraceCheckUtils]: 107: Hoare triple {19701#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {19701#false} is VALID [2022-02-20 18:00:15,324 INFO L290 TraceCheckUtils]: 108: Hoare triple {19701#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {19701#false} is VALID [2022-02-20 18:00:15,324 INFO L272 TraceCheckUtils]: 109: Hoare triple {19701#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:15,324 INFO L290 TraceCheckUtils]: 110: Hoare triple {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19700#true} is VALID [2022-02-20 18:00:15,325 INFO L290 TraceCheckUtils]: 111: Hoare triple {19700#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19700#true} is VALID [2022-02-20 18:00:15,325 INFO L290 TraceCheckUtils]: 112: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,325 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {19700#true} {19701#false} #1243#return; {19701#false} is VALID [2022-02-20 18:00:15,325 INFO L290 TraceCheckUtils]: 114: Hoare triple {19701#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {19701#false} is VALID [2022-02-20 18:00:15,325 INFO L272 TraceCheckUtils]: 115: Hoare triple {19701#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {19700#true} is VALID [2022-02-20 18:00:15,325 INFO L290 TraceCheckUtils]: 116: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~41; {19700#true} is VALID [2022-02-20 18:00:15,325 INFO L290 TraceCheckUtils]: 117: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {19700#true} is VALID [2022-02-20 18:00:15,325 INFO L290 TraceCheckUtils]: 118: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,326 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {19700#true} {19701#false} #1245#return; {19701#false} is VALID [2022-02-20 18:00:15,326 INFO L290 TraceCheckUtils]: 120: Hoare triple {19701#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {19701#false} is VALID [2022-02-20 18:00:15,326 INFO L290 TraceCheckUtils]: 121: Hoare triple {19701#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {19701#false} is VALID [2022-02-20 18:00:15,326 INFO L272 TraceCheckUtils]: 122: Hoare triple {19701#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {19700#true} is VALID [2022-02-20 18:00:15,326 INFO L290 TraceCheckUtils]: 123: Hoare triple {19700#true} ~handle := #in~handle;havoc ~retValue_acc~11; {19700#true} is VALID [2022-02-20 18:00:15,326 INFO L290 TraceCheckUtils]: 124: Hoare triple {19700#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {19700#true} is VALID [2022-02-20 18:00:15,326 INFO L290 TraceCheckUtils]: 125: Hoare triple {19700#true} assume true; {19700#true} is VALID [2022-02-20 18:00:15,326 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {19700#true} {19701#false} #1247#return; {19701#false} is VALID [2022-02-20 18:00:15,327 INFO L290 TraceCheckUtils]: 127: Hoare triple {19701#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {19701#false} is VALID [2022-02-20 18:00:15,327 INFO L290 TraceCheckUtils]: 128: Hoare triple {19701#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {19701#false} is VALID [2022-02-20 18:00:15,327 INFO L290 TraceCheckUtils]: 129: Hoare triple {19701#false} assume !false; {19701#false} is VALID [2022-02-20 18:00:15,327 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:00:15,327 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:15,328 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [258141845] [2022-02-20 18:00:15,328 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [258141845] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:15,328 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:15,328 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:00:15,328 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [853579780] [2022-02-20 18:00:15,328 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:15,329 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) Word has length 130 [2022-02-20 18:00:15,329 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:15,330 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:15,396 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 116 edges. 116 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:15,396 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:00:15,396 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:15,397 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:00:15,397 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:00:15,397 INFO L87 Difference]: Start difference. First operand 491 states and 757 transitions. Second operand has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:23,438 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:23,438 INFO L93 Difference]: Finished difference Result 1095 states and 1712 transitions. [2022-02-20 18:00:23,438 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:00:23,439 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) Word has length 130 [2022-02-20 18:00:23,439 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:23,440 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:23,452 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1458 transitions. [2022-02-20 18:00:23,452 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:23,464 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1458 transitions. [2022-02-20 18:00:23,465 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1458 transitions. [2022-02-20 18:00:24,650 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1458 edges. 1458 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:24,670 INFO L225 Difference]: With dead ends: 1095 [2022-02-20 18:00:24,671 INFO L226 Difference]: Without dead ends: 627 [2022-02-20 18:00:24,672 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 48 GetRequests, 33 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:00:24,672 INFO L933 BasicCegarLoop]: 693 mSDtfsCounter, 1550 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2313 mSolverCounterSat, 564 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1571 SdHoareTripleChecker+Valid, 1679 SdHoareTripleChecker+Invalid, 2877 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 564 IncrementalHoareTripleChecker+Valid, 2313 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:24,673 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1571 Valid, 1679 Invalid, 2877 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [564 Valid, 2313 Invalid, 0 Unknown, 0 Unchecked, 3.6s Time] [2022-02-20 18:00:24,673 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 627 states. [2022-02-20 18:00:24,769 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 627 to 493. [2022-02-20 18:00:24,769 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:24,770 INFO L82 GeneralOperation]: Start isEquivalent. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) [2022-02-20 18:00:24,771 INFO L74 IsIncluded]: Start isIncluded. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) [2022-02-20 18:00:24,772 INFO L87 Difference]: Start difference. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) [2022-02-20 18:00:24,791 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:24,791 INFO L93 Difference]: Finished difference Result 627 states and 985 transitions. [2022-02-20 18:00:24,791 INFO L276 IsEmpty]: Start isEmpty. Operand 627 states and 985 transitions. [2022-02-20 18:00:24,794 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:24,794 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:24,795 INFO L74 IsIncluded]: Start isIncluded. First operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) Second operand 627 states. [2022-02-20 18:00:24,796 INFO L87 Difference]: Start difference. First operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) Second operand 627 states. [2022-02-20 18:00:24,815 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:24,815 INFO L93 Difference]: Finished difference Result 627 states and 985 transitions. [2022-02-20 18:00:24,815 INFO L276 IsEmpty]: Start isEmpty. Operand 627 states and 985 transitions. [2022-02-20 18:00:24,818 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:24,818 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:24,818 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:24,818 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:24,819 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) [2022-02-20 18:00:24,866 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 493 states to 493 states and 760 transitions. [2022-02-20 18:00:24,866 INFO L78 Accepts]: Start accepts. Automaton has 493 states and 760 transitions. Word has length 130 [2022-02-20 18:00:24,866 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:24,866 INFO L470 AbstractCegarLoop]: Abstraction has 493 states and 760 transitions. [2022-02-20 18:00:24,867 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (15), 2 states have call predecessors, (15), 3 states have call successors, (15) [2022-02-20 18:00:24,867 INFO L276 IsEmpty]: Start isEmpty. Operand 493 states and 760 transitions. [2022-02-20 18:00:24,868 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 132 [2022-02-20 18:00:24,868 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:24,868 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:24,868 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:00:24,868 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:24,869 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:24,869 INFO L85 PathProgramCache]: Analyzing trace with hash -877326521, now seen corresponding path program 1 times [2022-02-20 18:00:24,869 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:24,869 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1233776163] [2022-02-20 18:00:24,869 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:24,869 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:24,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,939 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:24,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {23320#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:24,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:24,942 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:24,942 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23251#true} #1279#return; {23251#true} is VALID [2022-02-20 18:00:24,947 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:24,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,955 INFO L290 TraceCheckUtils]: 0: Hoare triple {23321#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:24,955 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:24,956 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:24,956 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23251#true} #1281#return; {23251#true} is VALID [2022-02-20 18:00:24,956 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:24,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,959 INFO L290 TraceCheckUtils]: 0: Hoare triple {23320#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:24,959 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume !(1 == ~handle); {23251#true} is VALID [2022-02-20 18:00:24,959 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:24,959 INFO L290 TraceCheckUtils]: 3: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:24,959 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23251#true} {23251#true} #1283#return; {23251#true} is VALID [2022-02-20 18:00:24,960 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:24,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,963 INFO L290 TraceCheckUtils]: 0: Hoare triple {23321#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:24,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume !(1 == ~handle); {23251#true} is VALID [2022-02-20 18:00:24,963 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:24,964 INFO L290 TraceCheckUtils]: 3: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:24,964 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23251#true} {23251#true} #1285#return; {23251#true} is VALID [2022-02-20 18:00:24,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:24,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,983 INFO L290 TraceCheckUtils]: 0: Hoare triple {23320#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23322#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:24,983 INFO L290 TraceCheckUtils]: 1: Hoare triple {23322#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23322#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:24,983 INFO L290 TraceCheckUtils]: 2: Hoare triple {23322#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23322#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:24,984 INFO L290 TraceCheckUtils]: 3: Hoare triple {23322#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {23323#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:24,984 INFO L290 TraceCheckUtils]: 4: Hoare triple {23323#(= 3 |setClientId_#in~handle|)} assume true; {23323#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:24,985 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {23323#(= 3 |setClientId_#in~handle|)} {23271#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1287#return; {23278#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:24,985 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:24,986 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {23321#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23324#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:25,000 INFO L290 TraceCheckUtils]: 1: Hoare triple {23324#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23325#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:25,000 INFO L290 TraceCheckUtils]: 2: Hoare triple {23325#(= |setClientPrivateKey_#in~handle| 1)} assume true; {23325#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:25,000 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23325#(= |setClientPrivateKey_#in~handle| 1)} {23278#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1289#return; {23252#false} is VALID [2022-02-20 18:00:25,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:00:25,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:25,010 INFO L290 TraceCheckUtils]: 0: Hoare triple {23326#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,011 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,011 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23252#false} #1221#return; {23252#false} is VALID [2022-02-20 18:00:25,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:00:25,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:25,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {23327#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,023 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,023 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23252#false} #1223#return; {23252#false} is VALID [2022-02-20 18:00:25,024 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:00:25,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:25,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~11; {23251#true} is VALID [2022-02-20 18:00:25,027 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {23251#true} is VALID [2022-02-20 18:00:25,027 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23252#false} #1201#return; {23252#false} is VALID [2022-02-20 18:00:25,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:00:25,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:25,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~5; {23251#true} is VALID [2022-02-20 18:00:25,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {23251#true} is VALID [2022-02-20 18:00:25,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,030 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23252#false} #1203#return; {23252#false} is VALID [2022-02-20 18:00:25,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:00:25,031 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:25,032 INFO L290 TraceCheckUtils]: 0: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~36; {23251#true} is VALID [2022-02-20 18:00:25,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {23251#true} is VALID [2022-02-20 18:00:25,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,033 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23252#false} #1235#return; {23252#false} is VALID [2022-02-20 18:00:25,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:00:25,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:25,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {23251#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {23251#true} is VALID [2022-02-20 18:00:25,036 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle; {23251#true} is VALID [2022-02-20 18:00:25,036 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {23251#true} is VALID [2022-02-20 18:00:25,036 INFO L290 TraceCheckUtils]: 3: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,036 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23251#true} {23252#false} #1237#return; {23252#false} is VALID [2022-02-20 18:00:25,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:00:25,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:25,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {23326#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,038 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23252#false} #1243#return; {23252#false} is VALID [2022-02-20 18:00:25,039 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:00:25,039 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:25,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~41; {23251#true} is VALID [2022-02-20 18:00:25,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {23251#true} is VALID [2022-02-20 18:00:25,041 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,041 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23252#false} #1245#return; {23252#false} is VALID [2022-02-20 18:00:25,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:00:25,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:25,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~11; {23251#true} is VALID [2022-02-20 18:00:25,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {23251#true} is VALID [2022-02-20 18:00:25,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23251#true} {23252#false} #1247#return; {23252#false} is VALID [2022-02-20 18:00:25,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {23251#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {23251#true} is VALID [2022-02-20 18:00:25,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {23251#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {23251#true} is VALID [2022-02-20 18:00:25,044 INFO L290 TraceCheckUtils]: 2: Hoare triple {23251#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23251#true} is VALID [2022-02-20 18:00:25,044 INFO L290 TraceCheckUtils]: 3: Hoare triple {23251#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {23251#true} is VALID [2022-02-20 18:00:25,044 INFO L290 TraceCheckUtils]: 4: Hoare triple {23251#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {23251#true} is VALID [2022-02-20 18:00:25,044 INFO L290 TraceCheckUtils]: 5: Hoare triple {23251#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {23251#true} is VALID [2022-02-20 18:00:25,045 INFO L272 TraceCheckUtils]: 6: Hoare triple {23251#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {23320#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:25,045 INFO L290 TraceCheckUtils]: 7: Hoare triple {23320#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,045 INFO L290 TraceCheckUtils]: 8: Hoare triple {23251#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,045 INFO L290 TraceCheckUtils]: 9: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,045 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {23251#true} {23251#true} #1279#return; {23251#true} is VALID [2022-02-20 18:00:25,045 INFO L290 TraceCheckUtils]: 11: Hoare triple {23251#true} assume { :end_inline_setup_bob__wrappee__Base } true; {23251#true} is VALID [2022-02-20 18:00:25,046 INFO L272 TraceCheckUtils]: 12: Hoare triple {23251#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {23321#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:25,046 INFO L290 TraceCheckUtils]: 13: Hoare triple {23321#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,046 INFO L290 TraceCheckUtils]: 14: Hoare triple {23251#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,046 INFO L290 TraceCheckUtils]: 15: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,046 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {23251#true} {23251#true} #1281#return; {23251#true} is VALID [2022-02-20 18:00:25,046 INFO L290 TraceCheckUtils]: 17: Hoare triple {23251#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {23251#true} is VALID [2022-02-20 18:00:25,047 INFO L272 TraceCheckUtils]: 18: Hoare triple {23251#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {23320#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:25,047 INFO L290 TraceCheckUtils]: 19: Hoare triple {23320#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,047 INFO L290 TraceCheckUtils]: 20: Hoare triple {23251#true} assume !(1 == ~handle); {23251#true} is VALID [2022-02-20 18:00:25,047 INFO L290 TraceCheckUtils]: 21: Hoare triple {23251#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,047 INFO L290 TraceCheckUtils]: 22: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,047 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {23251#true} {23251#true} #1283#return; {23251#true} is VALID [2022-02-20 18:00:25,048 INFO L290 TraceCheckUtils]: 24: Hoare triple {23251#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {23251#true} is VALID [2022-02-20 18:00:25,048 INFO L272 TraceCheckUtils]: 25: Hoare triple {23251#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {23321#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:25,048 INFO L290 TraceCheckUtils]: 26: Hoare triple {23321#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,048 INFO L290 TraceCheckUtils]: 27: Hoare triple {23251#true} assume !(1 == ~handle); {23251#true} is VALID [2022-02-20 18:00:25,048 INFO L290 TraceCheckUtils]: 28: Hoare triple {23251#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,049 INFO L290 TraceCheckUtils]: 29: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,049 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {23251#true} {23251#true} #1285#return; {23251#true} is VALID [2022-02-20 18:00:25,049 INFO L290 TraceCheckUtils]: 31: Hoare triple {23251#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {23271#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:25,050 INFO L272 TraceCheckUtils]: 32: Hoare triple {23271#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {23320#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:25,050 INFO L290 TraceCheckUtils]: 33: Hoare triple {23320#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23322#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:25,050 INFO L290 TraceCheckUtils]: 34: Hoare triple {23322#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23322#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:25,050 INFO L290 TraceCheckUtils]: 35: Hoare triple {23322#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23322#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:25,051 INFO L290 TraceCheckUtils]: 36: Hoare triple {23322#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {23323#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:25,051 INFO L290 TraceCheckUtils]: 37: Hoare triple {23323#(= 3 |setClientId_#in~handle|)} assume true; {23323#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:25,051 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {23323#(= 3 |setClientId_#in~handle|)} {23271#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1287#return; {23278#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:25,052 INFO L290 TraceCheckUtils]: 39: Hoare triple {23278#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {23278#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:25,052 INFO L272 TraceCheckUtils]: 40: Hoare triple {23278#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {23321#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:25,053 INFO L290 TraceCheckUtils]: 41: Hoare triple {23321#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23324#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:25,053 INFO L290 TraceCheckUtils]: 42: Hoare triple {23324#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23325#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:25,053 INFO L290 TraceCheckUtils]: 43: Hoare triple {23325#(= |setClientPrivateKey_#in~handle| 1)} assume true; {23325#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:25,054 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {23325#(= |setClientPrivateKey_#in~handle| 1)} {23278#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1289#return; {23252#false} is VALID [2022-02-20 18:00:25,054 INFO L290 TraceCheckUtils]: 45: Hoare triple {23252#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {23252#false} is VALID [2022-02-20 18:00:25,054 INFO L290 TraceCheckUtils]: 46: Hoare triple {23252#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23252#false} is VALID [2022-02-20 18:00:25,054 INFO L290 TraceCheckUtils]: 47: Hoare triple {23252#false} assume !false; {23252#false} is VALID [2022-02-20 18:00:25,054 INFO L290 TraceCheckUtils]: 48: Hoare triple {23252#false} assume test_~splverifierCounter~0#1 < 4; {23252#false} is VALID [2022-02-20 18:00:25,054 INFO L290 TraceCheckUtils]: 49: Hoare triple {23252#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23252#false} is VALID [2022-02-20 18:00:25,054 INFO L290 TraceCheckUtils]: 50: Hoare triple {23252#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {23252#false} is VALID [2022-02-20 18:00:25,054 INFO L290 TraceCheckUtils]: 51: Hoare triple {23252#false} assume !(0 != test_~tmp___9~0#1); {23252#false} is VALID [2022-02-20 18:00:25,055 INFO L290 TraceCheckUtils]: 52: Hoare triple {23252#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {23252#false} is VALID [2022-02-20 18:00:25,055 INFO L290 TraceCheckUtils]: 53: Hoare triple {23252#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {23252#false} is VALID [2022-02-20 18:00:25,055 INFO L290 TraceCheckUtils]: 54: Hoare triple {23252#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {23252#false} is VALID [2022-02-20 18:00:25,055 INFO L290 TraceCheckUtils]: 55: Hoare triple {23252#false} assume { :end_inline_setClientAutoResponse } true; {23252#false} is VALID [2022-02-20 18:00:25,055 INFO L290 TraceCheckUtils]: 56: Hoare triple {23252#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {23252#false} is VALID [2022-02-20 18:00:25,055 INFO L290 TraceCheckUtils]: 57: Hoare triple {23252#false} assume !false; {23252#false} is VALID [2022-02-20 18:00:25,055 INFO L290 TraceCheckUtils]: 58: Hoare triple {23252#false} assume !(test_~splverifierCounter~0#1 < 4); {23252#false} is VALID [2022-02-20 18:00:25,055 INFO L290 TraceCheckUtils]: 59: Hoare triple {23252#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {23252#false} is VALID [2022-02-20 18:00:25,055 INFO L272 TraceCheckUtils]: 60: Hoare triple {23252#false} call sendEmail(~bob~0, ~rjh~0); {23252#false} is VALID [2022-02-20 18:00:25,056 INFO L290 TraceCheckUtils]: 61: Hoare triple {23252#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {23252#false} is VALID [2022-02-20 18:00:25,056 INFO L272 TraceCheckUtils]: 62: Hoare triple {23252#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {23326#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:25,056 INFO L290 TraceCheckUtils]: 63: Hoare triple {23326#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,056 INFO L290 TraceCheckUtils]: 64: Hoare triple {23251#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,056 INFO L290 TraceCheckUtils]: 65: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,056 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {23251#true} {23252#false} #1221#return; {23252#false} is VALID [2022-02-20 18:00:25,056 INFO L272 TraceCheckUtils]: 67: Hoare triple {23252#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {23327#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:25,056 INFO L290 TraceCheckUtils]: 68: Hoare triple {23327#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,057 INFO L290 TraceCheckUtils]: 69: Hoare triple {23251#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,057 INFO L290 TraceCheckUtils]: 70: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,057 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {23251#true} {23252#false} #1223#return; {23252#false} is VALID [2022-02-20 18:00:25,057 INFO L290 TraceCheckUtils]: 72: Hoare triple {23252#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {23252#false} is VALID [2022-02-20 18:00:25,057 INFO L290 TraceCheckUtils]: 73: Hoare triple {23252#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {23252#false} is VALID [2022-02-20 18:00:25,057 INFO L272 TraceCheckUtils]: 74: Hoare triple {23252#false} call outgoing(~sender#1, ~email~0#1); {23252#false} is VALID [2022-02-20 18:00:25,057 INFO L290 TraceCheckUtils]: 75: Hoare triple {23252#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {23252#false} is VALID [2022-02-20 18:00:25,057 INFO L272 TraceCheckUtils]: 76: Hoare triple {23252#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {23251#true} is VALID [2022-02-20 18:00:25,058 INFO L290 TraceCheckUtils]: 77: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~11; {23251#true} is VALID [2022-02-20 18:00:25,058 INFO L290 TraceCheckUtils]: 78: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {23251#true} is VALID [2022-02-20 18:00:25,058 INFO L290 TraceCheckUtils]: 79: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,058 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {23251#true} {23252#false} #1201#return; {23252#false} is VALID [2022-02-20 18:00:25,058 INFO L290 TraceCheckUtils]: 81: Hoare triple {23252#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {23252#false} is VALID [2022-02-20 18:00:25,058 INFO L290 TraceCheckUtils]: 82: Hoare triple {23252#false} assume 0 == sign_~privkey~1#1; {23252#false} is VALID [2022-02-20 18:00:25,058 INFO L290 TraceCheckUtils]: 83: Hoare triple {23252#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {23252#false} is VALID [2022-02-20 18:00:25,058 INFO L272 TraceCheckUtils]: 84: Hoare triple {23252#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {23251#true} is VALID [2022-02-20 18:00:25,058 INFO L290 TraceCheckUtils]: 85: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~5; {23251#true} is VALID [2022-02-20 18:00:25,059 INFO L290 TraceCheckUtils]: 86: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {23251#true} is VALID [2022-02-20 18:00:25,059 INFO L290 TraceCheckUtils]: 87: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,059 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {23251#true} {23252#false} #1203#return; {23252#false} is VALID [2022-02-20 18:00:25,059 INFO L290 TraceCheckUtils]: 89: Hoare triple {23252#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {23252#false} is VALID [2022-02-20 18:00:25,059 INFO L290 TraceCheckUtils]: 90: Hoare triple {23252#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {23252#false} is VALID [2022-02-20 18:00:25,059 INFO L272 TraceCheckUtils]: 91: Hoare triple {23252#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {23252#false} is VALID [2022-02-20 18:00:25,059 INFO L290 TraceCheckUtils]: 92: Hoare triple {23252#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {23252#false} is VALID [2022-02-20 18:00:25,059 INFO L272 TraceCheckUtils]: 93: Hoare triple {23252#false} call #t~ret50#1 := getEmailTo(~msg#1); {23251#true} is VALID [2022-02-20 18:00:25,060 INFO L290 TraceCheckUtils]: 94: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~36; {23251#true} is VALID [2022-02-20 18:00:25,060 INFO L290 TraceCheckUtils]: 95: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {23251#true} is VALID [2022-02-20 18:00:25,060 INFO L290 TraceCheckUtils]: 96: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,060 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {23251#true} {23252#false} #1235#return; {23252#false} is VALID [2022-02-20 18:00:25,060 INFO L290 TraceCheckUtils]: 98: Hoare triple {23252#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {23252#false} is VALID [2022-02-20 18:00:25,060 INFO L272 TraceCheckUtils]: 99: Hoare triple {23252#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {23251#true} is VALID [2022-02-20 18:00:25,060 INFO L290 TraceCheckUtils]: 100: Hoare triple {23251#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {23251#true} is VALID [2022-02-20 18:00:25,060 INFO L290 TraceCheckUtils]: 101: Hoare triple {23251#true} assume 1 == ~handle; {23251#true} is VALID [2022-02-20 18:00:25,061 INFO L290 TraceCheckUtils]: 102: Hoare triple {23251#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {23251#true} is VALID [2022-02-20 18:00:25,061 INFO L290 TraceCheckUtils]: 103: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,061 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {23251#true} {23252#false} #1237#return; {23252#false} is VALID [2022-02-20 18:00:25,061 INFO L290 TraceCheckUtils]: 105: Hoare triple {23252#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {23252#false} is VALID [2022-02-20 18:00:25,061 INFO L290 TraceCheckUtils]: 106: Hoare triple {23252#false} assume !(0 != ~pubkey~0#1); {23252#false} is VALID [2022-02-20 18:00:25,061 INFO L290 TraceCheckUtils]: 107: Hoare triple {23252#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {23252#false} is VALID [2022-02-20 18:00:25,061 INFO L290 TraceCheckUtils]: 108: Hoare triple {23252#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {23252#false} is VALID [2022-02-20 18:00:25,061 INFO L290 TraceCheckUtils]: 109: Hoare triple {23252#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {23252#false} is VALID [2022-02-20 18:00:25,062 INFO L272 TraceCheckUtils]: 110: Hoare triple {23252#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {23326#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:25,062 INFO L290 TraceCheckUtils]: 111: Hoare triple {23326#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23251#true} is VALID [2022-02-20 18:00:25,062 INFO L290 TraceCheckUtils]: 112: Hoare triple {23251#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23251#true} is VALID [2022-02-20 18:00:25,062 INFO L290 TraceCheckUtils]: 113: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,062 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {23251#true} {23252#false} #1243#return; {23252#false} is VALID [2022-02-20 18:00:25,062 INFO L290 TraceCheckUtils]: 115: Hoare triple {23252#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {23252#false} is VALID [2022-02-20 18:00:25,062 INFO L272 TraceCheckUtils]: 116: Hoare triple {23252#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {23251#true} is VALID [2022-02-20 18:00:25,062 INFO L290 TraceCheckUtils]: 117: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~41; {23251#true} is VALID [2022-02-20 18:00:25,063 INFO L290 TraceCheckUtils]: 118: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {23251#true} is VALID [2022-02-20 18:00:25,063 INFO L290 TraceCheckUtils]: 119: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,063 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {23251#true} {23252#false} #1245#return; {23252#false} is VALID [2022-02-20 18:00:25,063 INFO L290 TraceCheckUtils]: 121: Hoare triple {23252#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {23252#false} is VALID [2022-02-20 18:00:25,063 INFO L290 TraceCheckUtils]: 122: Hoare triple {23252#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {23252#false} is VALID [2022-02-20 18:00:25,063 INFO L272 TraceCheckUtils]: 123: Hoare triple {23252#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {23251#true} is VALID [2022-02-20 18:00:25,063 INFO L290 TraceCheckUtils]: 124: Hoare triple {23251#true} ~handle := #in~handle;havoc ~retValue_acc~11; {23251#true} is VALID [2022-02-20 18:00:25,063 INFO L290 TraceCheckUtils]: 125: Hoare triple {23251#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {23251#true} is VALID [2022-02-20 18:00:25,063 INFO L290 TraceCheckUtils]: 126: Hoare triple {23251#true} assume true; {23251#true} is VALID [2022-02-20 18:00:25,064 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {23251#true} {23252#false} #1247#return; {23252#false} is VALID [2022-02-20 18:00:25,064 INFO L290 TraceCheckUtils]: 128: Hoare triple {23252#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {23252#false} is VALID [2022-02-20 18:00:25,064 INFO L290 TraceCheckUtils]: 129: Hoare triple {23252#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {23252#false} is VALID [2022-02-20 18:00:25,064 INFO L290 TraceCheckUtils]: 130: Hoare triple {23252#false} assume !false; {23252#false} is VALID [2022-02-20 18:00:25,064 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:00:25,064 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:25,065 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1233776163] [2022-02-20 18:00:25,065 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1233776163] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:25,065 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:25,065 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:00:25,065 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1992361487] [2022-02-20 18:00:25,065 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:25,066 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 4 states have call successors, (15) Word has length 131 [2022-02-20 18:00:25,066 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:25,066 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 4 states have call successors, (15) [2022-02-20 18:00:25,133 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 120 edges. 120 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:25,133 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:00:25,134 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:25,134 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:00:25,134 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:00:25,135 INFO L87 Difference]: Start difference. First operand 493 states and 760 transitions. Second operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 4 states have call successors, (15) [2022-02-20 18:00:35,550 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:35,551 INFO L93 Difference]: Finished difference Result 1093 states and 1707 transitions. [2022-02-20 18:00:35,551 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:00:35,551 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 4 states have call successors, (15) Word has length 131 [2022-02-20 18:00:35,551 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:35,551 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 4 states have call successors, (15) [2022-02-20 18:00:35,563 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1459 transitions. [2022-02-20 18:00:35,563 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 4 states have call successors, (15) [2022-02-20 18:00:35,574 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1459 transitions. [2022-02-20 18:00:35,574 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1459 transitions. [2022-02-20 18:00:36,729 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1459 edges. 1459 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:36,748 INFO L225 Difference]: With dead ends: 1093 [2022-02-20 18:00:36,749 INFO L226 Difference]: Without dead ends: 627 [2022-02-20 18:00:36,750 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 33 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:00:36,751 INFO L933 BasicCegarLoop]: 678 mSDtfsCounter, 1689 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 4185 mSolverCounterSat, 632 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1689 SdHoareTripleChecker+Valid, 2044 SdHoareTripleChecker+Invalid, 4817 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 632 IncrementalHoareTripleChecker+Valid, 4185 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:36,751 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1689 Valid, 2044 Invalid, 4817 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [632 Valid, 4185 Invalid, 0 Unknown, 0 Unchecked, 4.9s Time] [2022-02-20 18:00:36,752 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 627 states. [2022-02-20 18:00:36,836 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 627 to 493. [2022-02-20 18:00:36,836 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:36,837 INFO L82 GeneralOperation]: Start isEquivalent. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 18:00:36,838 INFO L74 IsIncluded]: Start isIncluded. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 18:00:36,838 INFO L87 Difference]: Start difference. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 18:00:36,858 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:36,858 INFO L93 Difference]: Finished difference Result 627 states and 984 transitions. [2022-02-20 18:00:36,858 INFO L276 IsEmpty]: Start isEmpty. Operand 627 states and 984 transitions. [2022-02-20 18:00:36,860 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:36,861 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:36,862 INFO L74 IsIncluded]: Start isIncluded. First operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) Second operand 627 states. [2022-02-20 18:00:36,862 INFO L87 Difference]: Start difference. First operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) Second operand 627 states. [2022-02-20 18:00:36,882 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:36,882 INFO L93 Difference]: Finished difference Result 627 states and 984 transitions. [2022-02-20 18:00:36,882 INFO L276 IsEmpty]: Start isEmpty. Operand 627 states and 984 transitions. [2022-02-20 18:00:36,885 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:36,885 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:36,885 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:36,885 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:36,886 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 18:00:36,900 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 493 states to 493 states and 759 transitions. [2022-02-20 18:00:36,901 INFO L78 Accepts]: Start accepts. Automaton has 493 states and 759 transitions. Word has length 131 [2022-02-20 18:00:36,901 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:36,901 INFO L470 AbstractCegarLoop]: Abstraction has 493 states and 759 transitions. [2022-02-20 18:00:36,901 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (15), 3 states have call predecessors, (15), 4 states have call successors, (15) [2022-02-20 18:00:36,902 INFO L276 IsEmpty]: Start isEmpty. Operand 493 states and 759 transitions. [2022-02-20 18:00:36,903 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 152 [2022-02-20 18:00:36,903 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:36,904 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:36,904 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:00:36,904 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:36,904 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:36,904 INFO L85 PathProgramCache]: Analyzing trace with hash 798997829, now seen corresponding path program 1 times [2022-02-20 18:00:36,904 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:36,905 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [387947271] [2022-02-20 18:00:36,905 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:36,905 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:36,930 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:36,952 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:36,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:36,956 INFO L290 TraceCheckUtils]: 0: Hoare triple {26894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:36,956 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:36,956 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:36,956 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26811#true} #1279#return; {26811#true} is VALID [2022-02-20 18:00:36,961 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:36,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:36,964 INFO L290 TraceCheckUtils]: 0: Hoare triple {26895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:36,964 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:36,965 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:36,965 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26811#true} #1281#return; {26811#true} is VALID [2022-02-20 18:00:36,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:36,967 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:36,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {26894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:36,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume !(1 == ~handle); {26811#true} is VALID [2022-02-20 18:00:36,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:36,969 INFO L290 TraceCheckUtils]: 3: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:36,969 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26811#true} {26811#true} #1283#return; {26811#true} is VALID [2022-02-20 18:00:36,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:36,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:36,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {26895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:36,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume !(1 == ~handle); {26811#true} is VALID [2022-02-20 18:00:36,972 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:36,972 INFO L290 TraceCheckUtils]: 3: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:36,972 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26811#true} {26811#true} #1285#return; {26811#true} is VALID [2022-02-20 18:00:36,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:36,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:36,986 INFO L290 TraceCheckUtils]: 0: Hoare triple {26894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:36,987 INFO L290 TraceCheckUtils]: 1: Hoare triple {26896#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:36,987 INFO L290 TraceCheckUtils]: 2: Hoare triple {26896#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:36,987 INFO L290 TraceCheckUtils]: 3: Hoare triple {26896#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26897#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:36,988 INFO L290 TraceCheckUtils]: 4: Hoare triple {26897#(= 3 |setClientId_#in~handle|)} assume true; {26897#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:36,988 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {26897#(= 3 |setClientId_#in~handle|)} {26831#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1287#return; {26838#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:36,988 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:36,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,004 INFO L290 TraceCheckUtils]: 0: Hoare triple {26895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:37,004 INFO L290 TraceCheckUtils]: 1: Hoare triple {26898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {26898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:37,005 INFO L290 TraceCheckUtils]: 2: Hoare triple {26898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26899#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:37,005 INFO L290 TraceCheckUtils]: 3: Hoare triple {26899#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {26899#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:37,005 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26899#(= 2 |setClientPrivateKey_#in~handle|)} {26838#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1289#return; {26812#false} is VALID [2022-02-20 18:00:37,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:00:37,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,015 INFO L290 TraceCheckUtils]: 0: Hoare triple {26900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,015 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,016 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,016 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1221#return; {26812#false} is VALID [2022-02-20 18:00:37,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:00:37,024 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,026 INFO L290 TraceCheckUtils]: 0: Hoare triple {26901#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,026 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,026 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,026 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1223#return; {26812#false} is VALID [2022-02-20 18:00:37,026 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:00:37,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~11; {26811#true} is VALID [2022-02-20 18:00:37,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {26811#true} is VALID [2022-02-20 18:00:37,029 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,029 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1201#return; {26812#false} is VALID [2022-02-20 18:00:37,029 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:00:37,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~5; {26811#true} is VALID [2022-02-20 18:00:37,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {26811#true} is VALID [2022-02-20 18:00:37,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,032 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1203#return; {26812#false} is VALID [2022-02-20 18:00:37,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:00:37,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~36; {26811#true} is VALID [2022-02-20 18:00:37,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {26811#true} is VALID [2022-02-20 18:00:37,034 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1205#return; {26812#false} is VALID [2022-02-20 18:00:37,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:00:37,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,037 INFO L290 TraceCheckUtils]: 0: Hoare triple {26811#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~9; {26811#true} is VALID [2022-02-20 18:00:37,037 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle; {26811#true} is VALID [2022-02-20 18:00:37,037 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume 0 == ~index;~retValue_acc~9 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~9; {26811#true} is VALID [2022-02-20 18:00:37,037 INFO L290 TraceCheckUtils]: 3: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,037 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26811#true} {26812#false} #1207#return; {26812#false} is VALID [2022-02-20 18:00:37,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:00:37,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {26901#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,040 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1209#return; {26812#false} is VALID [2022-02-20 18:00:37,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:00:37,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~36; {26811#true} is VALID [2022-02-20 18:00:37,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {26811#true} is VALID [2022-02-20 18:00:37,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1235#return; {26812#false} is VALID [2022-02-20 18:00:37,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:00:37,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {26811#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {26811#true} is VALID [2022-02-20 18:00:37,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle; {26811#true} is VALID [2022-02-20 18:00:37,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {26811#true} is VALID [2022-02-20 18:00:37,046 INFO L290 TraceCheckUtils]: 3: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,046 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26811#true} {26812#false} #1237#return; {26812#false} is VALID [2022-02-20 18:00:37,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 18:00:37,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {26900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,050 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1243#return; {26812#false} is VALID [2022-02-20 18:00:37,050 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 18:00:37,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~41; {26811#true} is VALID [2022-02-20 18:00:37,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {26811#true} is VALID [2022-02-20 18:00:37,052 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,052 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1245#return; {26812#false} is VALID [2022-02-20 18:00:37,053 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 18:00:37,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:37,055 INFO L290 TraceCheckUtils]: 0: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~11; {26811#true} is VALID [2022-02-20 18:00:37,055 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {26811#true} is VALID [2022-02-20 18:00:37,056 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,056 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26811#true} {26812#false} #1247#return; {26812#false} is VALID [2022-02-20 18:00:37,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {26811#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {26811#true} is VALID [2022-02-20 18:00:37,056 INFO L290 TraceCheckUtils]: 1: Hoare triple {26811#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {26811#true} is VALID [2022-02-20 18:00:37,056 INFO L290 TraceCheckUtils]: 2: Hoare triple {26811#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {26811#true} is VALID [2022-02-20 18:00:37,056 INFO L290 TraceCheckUtils]: 3: Hoare triple {26811#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {26811#true} is VALID [2022-02-20 18:00:37,056 INFO L290 TraceCheckUtils]: 4: Hoare triple {26811#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {26811#true} is VALID [2022-02-20 18:00:37,057 INFO L290 TraceCheckUtils]: 5: Hoare triple {26811#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {26811#true} is VALID [2022-02-20 18:00:37,057 INFO L272 TraceCheckUtils]: 6: Hoare triple {26811#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {26894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:37,057 INFO L290 TraceCheckUtils]: 7: Hoare triple {26894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,057 INFO L290 TraceCheckUtils]: 8: Hoare triple {26811#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,057 INFO L290 TraceCheckUtils]: 9: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,058 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {26811#true} {26811#true} #1279#return; {26811#true} is VALID [2022-02-20 18:00:37,058 INFO L290 TraceCheckUtils]: 11: Hoare triple {26811#true} assume { :end_inline_setup_bob__wrappee__Base } true; {26811#true} is VALID [2022-02-20 18:00:37,058 INFO L272 TraceCheckUtils]: 12: Hoare triple {26811#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {26895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:37,058 INFO L290 TraceCheckUtils]: 13: Hoare triple {26895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,058 INFO L290 TraceCheckUtils]: 14: Hoare triple {26811#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,059 INFO L290 TraceCheckUtils]: 15: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,059 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {26811#true} {26811#true} #1281#return; {26811#true} is VALID [2022-02-20 18:00:37,059 INFO L290 TraceCheckUtils]: 17: Hoare triple {26811#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {26811#true} is VALID [2022-02-20 18:00:37,059 INFO L272 TraceCheckUtils]: 18: Hoare triple {26811#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {26894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:37,059 INFO L290 TraceCheckUtils]: 19: Hoare triple {26894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,060 INFO L290 TraceCheckUtils]: 20: Hoare triple {26811#true} assume !(1 == ~handle); {26811#true} is VALID [2022-02-20 18:00:37,060 INFO L290 TraceCheckUtils]: 21: Hoare triple {26811#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,060 INFO L290 TraceCheckUtils]: 22: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,060 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {26811#true} {26811#true} #1283#return; {26811#true} is VALID [2022-02-20 18:00:37,060 INFO L290 TraceCheckUtils]: 24: Hoare triple {26811#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {26811#true} is VALID [2022-02-20 18:00:37,061 INFO L272 TraceCheckUtils]: 25: Hoare triple {26811#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {26895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:37,061 INFO L290 TraceCheckUtils]: 26: Hoare triple {26895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,061 INFO L290 TraceCheckUtils]: 27: Hoare triple {26811#true} assume !(1 == ~handle); {26811#true} is VALID [2022-02-20 18:00:37,061 INFO L290 TraceCheckUtils]: 28: Hoare triple {26811#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,061 INFO L290 TraceCheckUtils]: 29: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,061 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {26811#true} {26811#true} #1285#return; {26811#true} is VALID [2022-02-20 18:00:37,062 INFO L290 TraceCheckUtils]: 31: Hoare triple {26811#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {26831#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:37,062 INFO L272 TraceCheckUtils]: 32: Hoare triple {26831#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {26894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:37,062 INFO L290 TraceCheckUtils]: 33: Hoare triple {26894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:37,063 INFO L290 TraceCheckUtils]: 34: Hoare triple {26896#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:37,063 INFO L290 TraceCheckUtils]: 35: Hoare triple {26896#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:37,063 INFO L290 TraceCheckUtils]: 36: Hoare triple {26896#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26897#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:37,064 INFO L290 TraceCheckUtils]: 37: Hoare triple {26897#(= 3 |setClientId_#in~handle|)} assume true; {26897#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:37,064 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {26897#(= 3 |setClientId_#in~handle|)} {26831#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1287#return; {26838#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:37,064 INFO L290 TraceCheckUtils]: 39: Hoare triple {26838#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {26838#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:37,065 INFO L272 TraceCheckUtils]: 40: Hoare triple {26838#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {26895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:37,065 INFO L290 TraceCheckUtils]: 41: Hoare triple {26895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:37,066 INFO L290 TraceCheckUtils]: 42: Hoare triple {26898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {26898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:37,066 INFO L290 TraceCheckUtils]: 43: Hoare triple {26898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26899#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:37,066 INFO L290 TraceCheckUtils]: 44: Hoare triple {26899#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {26899#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:37,067 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {26899#(= 2 |setClientPrivateKey_#in~handle|)} {26838#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1289#return; {26812#false} is VALID [2022-02-20 18:00:37,067 INFO L290 TraceCheckUtils]: 46: Hoare triple {26812#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {26812#false} is VALID [2022-02-20 18:00:37,067 INFO L290 TraceCheckUtils]: 47: Hoare triple {26812#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26812#false} is VALID [2022-02-20 18:00:37,067 INFO L290 TraceCheckUtils]: 48: Hoare triple {26812#false} assume !false; {26812#false} is VALID [2022-02-20 18:00:37,067 INFO L290 TraceCheckUtils]: 49: Hoare triple {26812#false} assume test_~splverifierCounter~0#1 < 4; {26812#false} is VALID [2022-02-20 18:00:37,067 INFO L290 TraceCheckUtils]: 50: Hoare triple {26812#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26812#false} is VALID [2022-02-20 18:00:37,067 INFO L290 TraceCheckUtils]: 51: Hoare triple {26812#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {26812#false} is VALID [2022-02-20 18:00:37,067 INFO L290 TraceCheckUtils]: 52: Hoare triple {26812#false} assume !(0 != test_~tmp___9~0#1); {26812#false} is VALID [2022-02-20 18:00:37,068 INFO L290 TraceCheckUtils]: 53: Hoare triple {26812#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {26812#false} is VALID [2022-02-20 18:00:37,068 INFO L290 TraceCheckUtils]: 54: Hoare triple {26812#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {26812#false} is VALID [2022-02-20 18:00:37,068 INFO L290 TraceCheckUtils]: 55: Hoare triple {26812#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {26812#false} is VALID [2022-02-20 18:00:37,068 INFO L290 TraceCheckUtils]: 56: Hoare triple {26812#false} assume { :end_inline_setClientAutoResponse } true; {26812#false} is VALID [2022-02-20 18:00:37,068 INFO L290 TraceCheckUtils]: 57: Hoare triple {26812#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {26812#false} is VALID [2022-02-20 18:00:37,068 INFO L290 TraceCheckUtils]: 58: Hoare triple {26812#false} assume !false; {26812#false} is VALID [2022-02-20 18:00:37,068 INFO L290 TraceCheckUtils]: 59: Hoare triple {26812#false} assume !(test_~splverifierCounter~0#1 < 4); {26812#false} is VALID [2022-02-20 18:00:37,068 INFO L290 TraceCheckUtils]: 60: Hoare triple {26812#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {26812#false} is VALID [2022-02-20 18:00:37,068 INFO L272 TraceCheckUtils]: 61: Hoare triple {26812#false} call sendEmail(~bob~0, ~rjh~0); {26812#false} is VALID [2022-02-20 18:00:37,069 INFO L290 TraceCheckUtils]: 62: Hoare triple {26812#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {26812#false} is VALID [2022-02-20 18:00:37,069 INFO L272 TraceCheckUtils]: 63: Hoare triple {26812#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {26900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:37,069 INFO L290 TraceCheckUtils]: 64: Hoare triple {26900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,069 INFO L290 TraceCheckUtils]: 65: Hoare triple {26811#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,069 INFO L290 TraceCheckUtils]: 66: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,069 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {26811#true} {26812#false} #1221#return; {26812#false} is VALID [2022-02-20 18:00:37,069 INFO L272 TraceCheckUtils]: 68: Hoare triple {26812#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {26901#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:37,069 INFO L290 TraceCheckUtils]: 69: Hoare triple {26901#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,070 INFO L290 TraceCheckUtils]: 70: Hoare triple {26811#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,070 INFO L290 TraceCheckUtils]: 71: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,070 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {26811#true} {26812#false} #1223#return; {26812#false} is VALID [2022-02-20 18:00:37,070 INFO L290 TraceCheckUtils]: 73: Hoare triple {26812#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {26812#false} is VALID [2022-02-20 18:00:37,070 INFO L290 TraceCheckUtils]: 74: Hoare triple {26812#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {26812#false} is VALID [2022-02-20 18:00:37,070 INFO L272 TraceCheckUtils]: 75: Hoare triple {26812#false} call outgoing(~sender#1, ~email~0#1); {26812#false} is VALID [2022-02-20 18:00:37,070 INFO L290 TraceCheckUtils]: 76: Hoare triple {26812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {26812#false} is VALID [2022-02-20 18:00:37,070 INFO L272 TraceCheckUtils]: 77: Hoare triple {26812#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {26811#true} is VALID [2022-02-20 18:00:37,071 INFO L290 TraceCheckUtils]: 78: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~11; {26811#true} is VALID [2022-02-20 18:00:37,071 INFO L290 TraceCheckUtils]: 79: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {26811#true} is VALID [2022-02-20 18:00:37,071 INFO L290 TraceCheckUtils]: 80: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,071 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {26811#true} {26812#false} #1201#return; {26812#false} is VALID [2022-02-20 18:00:37,071 INFO L290 TraceCheckUtils]: 82: Hoare triple {26812#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {26812#false} is VALID [2022-02-20 18:00:37,071 INFO L290 TraceCheckUtils]: 83: Hoare triple {26812#false} assume 0 == sign_~privkey~1#1; {26812#false} is VALID [2022-02-20 18:00:37,071 INFO L290 TraceCheckUtils]: 84: Hoare triple {26812#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {26812#false} is VALID [2022-02-20 18:00:37,071 INFO L272 TraceCheckUtils]: 85: Hoare triple {26812#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {26811#true} is VALID [2022-02-20 18:00:37,072 INFO L290 TraceCheckUtils]: 86: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~5; {26811#true} is VALID [2022-02-20 18:00:37,072 INFO L290 TraceCheckUtils]: 87: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {26811#true} is VALID [2022-02-20 18:00:37,072 INFO L290 TraceCheckUtils]: 88: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,072 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {26811#true} {26812#false} #1203#return; {26812#false} is VALID [2022-02-20 18:00:37,072 INFO L290 TraceCheckUtils]: 90: Hoare triple {26812#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {26812#false} is VALID [2022-02-20 18:00:37,072 INFO L290 TraceCheckUtils]: 91: Hoare triple {26812#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {26812#false} is VALID [2022-02-20 18:00:37,072 INFO L290 TraceCheckUtils]: 92: Hoare triple {26812#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret53#1 := puts(22, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret53#1 && outgoing__wrappee__AddressBook_#t~ret53#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret53#1; {26812#false} is VALID [2022-02-20 18:00:37,072 INFO L272 TraceCheckUtils]: 93: Hoare triple {26812#false} call outgoing__wrappee__AddressBook_#t~ret54#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {26811#true} is VALID [2022-02-20 18:00:37,073 INFO L290 TraceCheckUtils]: 94: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~36; {26811#true} is VALID [2022-02-20 18:00:37,073 INFO L290 TraceCheckUtils]: 95: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {26811#true} is VALID [2022-02-20 18:00:37,073 INFO L290 TraceCheckUtils]: 96: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,073 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {26811#true} {26812#false} #1205#return; {26812#false} is VALID [2022-02-20 18:00:37,073 INFO L290 TraceCheckUtils]: 98: Hoare triple {26812#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret54#1 && outgoing__wrappee__AddressBook_#t~ret54#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret54#1;havoc outgoing__wrappee__AddressBook_#t~ret54#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret55#1 := puts(23, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret55#1 && outgoing__wrappee__AddressBook_#t~ret55#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret55#1; {26812#false} is VALID [2022-02-20 18:00:37,073 INFO L272 TraceCheckUtils]: 99: Hoare triple {26812#false} call outgoing__wrappee__AddressBook_#t~ret56#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {26811#true} is VALID [2022-02-20 18:00:37,073 INFO L290 TraceCheckUtils]: 100: Hoare triple {26811#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~9; {26811#true} is VALID [2022-02-20 18:00:37,073 INFO L290 TraceCheckUtils]: 101: Hoare triple {26811#true} assume 1 == ~handle; {26811#true} is VALID [2022-02-20 18:00:37,073 INFO L290 TraceCheckUtils]: 102: Hoare triple {26811#true} assume 0 == ~index;~retValue_acc~9 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~9; {26811#true} is VALID [2022-02-20 18:00:37,074 INFO L290 TraceCheckUtils]: 103: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,074 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {26811#true} {26812#false} #1207#return; {26812#false} is VALID [2022-02-20 18:00:37,074 INFO L290 TraceCheckUtils]: 105: Hoare triple {26812#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret56#1 && outgoing__wrappee__AddressBook_#t~ret56#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret56#1;havoc outgoing__wrappee__AddressBook_#t~ret56#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {26812#false} is VALID [2022-02-20 18:00:37,074 INFO L272 TraceCheckUtils]: 106: Hoare triple {26812#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {26901#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:37,074 INFO L290 TraceCheckUtils]: 107: Hoare triple {26901#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,074 INFO L290 TraceCheckUtils]: 108: Hoare triple {26811#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,074 INFO L290 TraceCheckUtils]: 109: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,074 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {26811#true} {26812#false} #1209#return; {26812#false} is VALID [2022-02-20 18:00:37,075 INFO L272 TraceCheckUtils]: 111: Hoare triple {26812#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {26812#false} is VALID [2022-02-20 18:00:37,075 INFO L290 TraceCheckUtils]: 112: Hoare triple {26812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {26812#false} is VALID [2022-02-20 18:00:37,075 INFO L272 TraceCheckUtils]: 113: Hoare triple {26812#false} call #t~ret50#1 := getEmailTo(~msg#1); {26811#true} is VALID [2022-02-20 18:00:37,075 INFO L290 TraceCheckUtils]: 114: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~36; {26811#true} is VALID [2022-02-20 18:00:37,075 INFO L290 TraceCheckUtils]: 115: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {26811#true} is VALID [2022-02-20 18:00:37,075 INFO L290 TraceCheckUtils]: 116: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,075 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {26811#true} {26812#false} #1235#return; {26812#false} is VALID [2022-02-20 18:00:37,075 INFO L290 TraceCheckUtils]: 118: Hoare triple {26812#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {26812#false} is VALID [2022-02-20 18:00:37,076 INFO L272 TraceCheckUtils]: 119: Hoare triple {26812#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {26811#true} is VALID [2022-02-20 18:00:37,076 INFO L290 TraceCheckUtils]: 120: Hoare triple {26811#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {26811#true} is VALID [2022-02-20 18:00:37,076 INFO L290 TraceCheckUtils]: 121: Hoare triple {26811#true} assume 1 == ~handle; {26811#true} is VALID [2022-02-20 18:00:37,076 INFO L290 TraceCheckUtils]: 122: Hoare triple {26811#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {26811#true} is VALID [2022-02-20 18:00:37,076 INFO L290 TraceCheckUtils]: 123: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,076 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {26811#true} {26812#false} #1237#return; {26812#false} is VALID [2022-02-20 18:00:37,076 INFO L290 TraceCheckUtils]: 125: Hoare triple {26812#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {26812#false} is VALID [2022-02-20 18:00:37,076 INFO L290 TraceCheckUtils]: 126: Hoare triple {26812#false} assume !(0 != ~pubkey~0#1); {26812#false} is VALID [2022-02-20 18:00:37,076 INFO L290 TraceCheckUtils]: 127: Hoare triple {26812#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {26812#false} is VALID [2022-02-20 18:00:37,077 INFO L290 TraceCheckUtils]: 128: Hoare triple {26812#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {26812#false} is VALID [2022-02-20 18:00:37,077 INFO L290 TraceCheckUtils]: 129: Hoare triple {26812#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {26812#false} is VALID [2022-02-20 18:00:37,077 INFO L272 TraceCheckUtils]: 130: Hoare triple {26812#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {26900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:37,077 INFO L290 TraceCheckUtils]: 131: Hoare triple {26900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26811#true} is VALID [2022-02-20 18:00:37,077 INFO L290 TraceCheckUtils]: 132: Hoare triple {26811#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26811#true} is VALID [2022-02-20 18:00:37,077 INFO L290 TraceCheckUtils]: 133: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,077 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {26811#true} {26812#false} #1243#return; {26812#false} is VALID [2022-02-20 18:00:37,077 INFO L290 TraceCheckUtils]: 135: Hoare triple {26812#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {26812#false} is VALID [2022-02-20 18:00:37,078 INFO L272 TraceCheckUtils]: 136: Hoare triple {26812#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {26811#true} is VALID [2022-02-20 18:00:37,078 INFO L290 TraceCheckUtils]: 137: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~41; {26811#true} is VALID [2022-02-20 18:00:37,078 INFO L290 TraceCheckUtils]: 138: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {26811#true} is VALID [2022-02-20 18:00:37,078 INFO L290 TraceCheckUtils]: 139: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,078 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {26811#true} {26812#false} #1245#return; {26812#false} is VALID [2022-02-20 18:00:37,078 INFO L290 TraceCheckUtils]: 141: Hoare triple {26812#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {26812#false} is VALID [2022-02-20 18:00:37,078 INFO L290 TraceCheckUtils]: 142: Hoare triple {26812#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {26812#false} is VALID [2022-02-20 18:00:37,078 INFO L272 TraceCheckUtils]: 143: Hoare triple {26812#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {26811#true} is VALID [2022-02-20 18:00:37,078 INFO L290 TraceCheckUtils]: 144: Hoare triple {26811#true} ~handle := #in~handle;havoc ~retValue_acc~11; {26811#true} is VALID [2022-02-20 18:00:37,079 INFO L290 TraceCheckUtils]: 145: Hoare triple {26811#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {26811#true} is VALID [2022-02-20 18:00:37,079 INFO L290 TraceCheckUtils]: 146: Hoare triple {26811#true} assume true; {26811#true} is VALID [2022-02-20 18:00:37,079 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {26811#true} {26812#false} #1247#return; {26812#false} is VALID [2022-02-20 18:00:37,079 INFO L290 TraceCheckUtils]: 148: Hoare triple {26812#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {26812#false} is VALID [2022-02-20 18:00:37,079 INFO L290 TraceCheckUtils]: 149: Hoare triple {26812#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {26812#false} is VALID [2022-02-20 18:00:37,079 INFO L290 TraceCheckUtils]: 150: Hoare triple {26812#false} assume !false; {26812#false} is VALID [2022-02-20 18:00:37,080 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:00:37,080 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:37,080 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [387947271] [2022-02-20 18:00:37,080 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [387947271] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:37,080 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:37,080 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:00:37,080 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [825466342] [2022-02-20 18:00:37,080 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:37,081 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18) Word has length 151 [2022-02-20 18:00:37,081 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:37,082 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18) [2022-02-20 18:00:37,157 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 134 edges. 134 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:37,157 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:00:37,157 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:37,157 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:00:37,157 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:00:37,158 INFO L87 Difference]: Start difference. First operand 493 states and 759 transitions. Second operand has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18) [2022-02-20 18:00:48,692 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:48,692 INFO L93 Difference]: Finished difference Result 1095 states and 1713 transitions. [2022-02-20 18:00:48,692 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:00:48,693 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18) Word has length 151 [2022-02-20 18:00:48,693 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:48,693 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18) [2022-02-20 18:00:48,704 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1460 transitions. [2022-02-20 18:00:48,705 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18) [2022-02-20 18:00:48,715 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1460 transitions. [2022-02-20 18:00:48,716 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1460 transitions. [2022-02-20 18:00:49,945 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1460 edges. 1460 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:49,965 INFO L225 Difference]: With dead ends: 1095 [2022-02-20 18:00:49,965 INFO L226 Difference]: Without dead ends: 629 [2022-02-20 18:00:49,967 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 61 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:00:49,967 INFO L933 BasicCegarLoop]: 683 mSDtfsCounter, 1681 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 4245 mSolverCounterSat, 616 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 5.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1681 SdHoareTripleChecker+Valid, 2049 SdHoareTripleChecker+Invalid, 4861 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 616 IncrementalHoareTripleChecker+Valid, 4245 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 5.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:49,967 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1681 Valid, 2049 Invalid, 4861 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [616 Valid, 4245 Invalid, 0 Unknown, 0 Unchecked, 5.5s Time] [2022-02-20 18:00:49,968 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 629 states. [2022-02-20 18:00:50,064 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 629 to 495. [2022-02-20 18:00:50,065 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:50,066 INFO L82 GeneralOperation]: Start isEquivalent. First operand 629 states. Second operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) [2022-02-20 18:00:50,066 INFO L74 IsIncluded]: Start isIncluded. First operand 629 states. Second operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) [2022-02-20 18:00:50,067 INFO L87 Difference]: Start difference. First operand 629 states. Second operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) [2022-02-20 18:00:50,085 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:50,086 INFO L93 Difference]: Finished difference Result 629 states and 990 transitions. [2022-02-20 18:00:50,086 INFO L276 IsEmpty]: Start isEmpty. Operand 629 states and 990 transitions. [2022-02-20 18:00:50,088 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:50,089 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:50,090 INFO L74 IsIncluded]: Start isIncluded. First operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) Second operand 629 states. [2022-02-20 18:00:50,090 INFO L87 Difference]: Start difference. First operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) Second operand 629 states. [2022-02-20 18:00:50,108 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:50,109 INFO L93 Difference]: Finished difference Result 629 states and 990 transitions. [2022-02-20 18:00:50,109 INFO L276 IsEmpty]: Start isEmpty. Operand 629 states and 990 transitions. [2022-02-20 18:00:50,111 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:50,111 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:50,111 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:50,111 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:50,112 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) [2022-02-20 18:00:50,126 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 495 states to 495 states and 765 transitions. [2022-02-20 18:00:50,127 INFO L78 Accepts]: Start accepts. Automaton has 495 states and 765 transitions. Word has length 151 [2022-02-20 18:00:50,127 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:50,127 INFO L470 AbstractCegarLoop]: Abstraction has 495 states and 765 transitions. [2022-02-20 18:00:50,128 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18) [2022-02-20 18:00:50,128 INFO L276 IsEmpty]: Start isEmpty. Operand 495 states and 765 transitions. [2022-02-20 18:00:50,129 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 153 [2022-02-20 18:00:50,129 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:50,130 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:50,130 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:00:50,130 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:50,130 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:50,130 INFO L85 PathProgramCache]: Analyzing trace with hash 1324371639, now seen corresponding path program 1 times [2022-02-20 18:00:50,130 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:50,131 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [244260848] [2022-02-20 18:00:50,131 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:50,131 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:50,157 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,185 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:50,187 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,189 INFO L290 TraceCheckUtils]: 0: Hoare triple {30478#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,189 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,189 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,189 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30393#true} #1279#return; {30393#true} is VALID [2022-02-20 18:00:50,195 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:50,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {30479#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,198 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,198 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,198 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30393#true} #1281#return; {30393#true} is VALID [2022-02-20 18:00:50,198 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:50,200 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {30478#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30480#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:50,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {30480#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {30480#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:50,213 INFO L290 TraceCheckUtils]: 2: Hoare triple {30480#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30481#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:50,213 INFO L290 TraceCheckUtils]: 3: Hoare triple {30481#(= 2 |setClientId_#in~handle|)} assume true; {30481#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:50,214 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30481#(= 2 |setClientId_#in~handle|)} {30403#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1283#return; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:50,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,217 INFO L290 TraceCheckUtils]: 0: Hoare triple {30479#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,217 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,218 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,218 INFO L290 TraceCheckUtils]: 3: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,218 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30393#true} {30409#(not (= ~rjh~0 1))} #1285#return; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,218 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:50,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,221 INFO L290 TraceCheckUtils]: 0: Hoare triple {30478#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,222 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,222 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume !(2 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,222 INFO L290 TraceCheckUtils]: 3: Hoare triple {30393#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,222 INFO L290 TraceCheckUtils]: 4: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,223 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30393#true} {30409#(not (= ~rjh~0 1))} #1287#return; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,223 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:50,224 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,226 INFO L290 TraceCheckUtils]: 0: Hoare triple {30479#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,226 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,227 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume !(2 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,227 INFO L290 TraceCheckUtils]: 3: Hoare triple {30393#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,227 INFO L290 TraceCheckUtils]: 4: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,228 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30393#true} {30409#(not (= ~rjh~0 1))} #1289#return; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:00:50,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,237 INFO L290 TraceCheckUtils]: 0: Hoare triple {30482#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,237 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,237 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,237 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1221#return; {30394#false} is VALID [2022-02-20 18:00:50,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:00:50,246 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,247 INFO L290 TraceCheckUtils]: 0: Hoare triple {30483#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,247 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,247 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,248 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1223#return; {30394#false} is VALID [2022-02-20 18:00:50,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:00:50,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:50,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:50,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,250 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1201#return; {30394#false} is VALID [2022-02-20 18:00:50,250 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:00:50,251 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,252 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~5; {30393#true} is VALID [2022-02-20 18:00:50,252 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {30393#true} is VALID [2022-02-20 18:00:50,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,253 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1203#return; {30394#false} is VALID [2022-02-20 18:00:50,253 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:00:50,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,254 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:50,255 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:50,255 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,255 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1205#return; {30394#false} is VALID [2022-02-20 18:00:50,255 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:00:50,256 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,257 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~9; {30393#true} is VALID [2022-02-20 18:00:50,257 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle; {30393#true} is VALID [2022-02-20 18:00:50,257 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume 0 == ~index;~retValue_acc~9 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~9; {30393#true} is VALID [2022-02-20 18:00:50,257 INFO L290 TraceCheckUtils]: 3: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,258 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30393#true} {30394#false} #1207#return; {30394#false} is VALID [2022-02-20 18:00:50,258 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:00:50,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {30483#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,260 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,260 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1209#return; {30394#false} is VALID [2022-02-20 18:00:50,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:00:50,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,262 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:50,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:50,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,263 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1235#return; {30394#false} is VALID [2022-02-20 18:00:50,263 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:00:50,263 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,265 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {30393#true} is VALID [2022-02-20 18:00:50,265 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle; {30393#true} is VALID [2022-02-20 18:00:50,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {30393#true} is VALID [2022-02-20 18:00:50,265 INFO L290 TraceCheckUtils]: 3: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,265 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30393#true} {30394#false} #1237#return; {30394#false} is VALID [2022-02-20 18:00:50,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 18:00:50,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,267 INFO L290 TraceCheckUtils]: 0: Hoare triple {30482#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,267 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,268 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,268 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1243#return; {30394#false} is VALID [2022-02-20 18:00:50,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 18:00:50,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,270 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~41; {30393#true} is VALID [2022-02-20 18:00:50,270 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {30393#true} is VALID [2022-02-20 18:00:50,270 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,270 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1245#return; {30394#false} is VALID [2022-02-20 18:00:50,271 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 18:00:50,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:50,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:50,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,275 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30393#true} {30394#false} #1247#return; {30394#false} is VALID [2022-02-20 18:00:50,275 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {30393#true} is VALID [2022-02-20 18:00:50,275 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {30393#true} is VALID [2022-02-20 18:00:50,275 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {30393#true} is VALID [2022-02-20 18:00:50,275 INFO L290 TraceCheckUtils]: 3: Hoare triple {30393#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {30393#true} is VALID [2022-02-20 18:00:50,275 INFO L290 TraceCheckUtils]: 4: Hoare triple {30393#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {30393#true} is VALID [2022-02-20 18:00:50,275 INFO L290 TraceCheckUtils]: 5: Hoare triple {30393#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30393#true} is VALID [2022-02-20 18:00:50,276 INFO L272 TraceCheckUtils]: 6: Hoare triple {30393#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30478#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:50,276 INFO L290 TraceCheckUtils]: 7: Hoare triple {30478#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,276 INFO L290 TraceCheckUtils]: 8: Hoare triple {30393#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,276 INFO L290 TraceCheckUtils]: 9: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,276 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30393#true} {30393#true} #1279#return; {30393#true} is VALID [2022-02-20 18:00:50,277 INFO L290 TraceCheckUtils]: 11: Hoare triple {30393#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30393#true} is VALID [2022-02-20 18:00:50,277 INFO L272 TraceCheckUtils]: 12: Hoare triple {30393#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30479#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:50,277 INFO L290 TraceCheckUtils]: 13: Hoare triple {30479#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,277 INFO L290 TraceCheckUtils]: 14: Hoare triple {30393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,277 INFO L290 TraceCheckUtils]: 15: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,278 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30393#true} {30393#true} #1281#return; {30393#true} is VALID [2022-02-20 18:00:50,278 INFO L290 TraceCheckUtils]: 17: Hoare triple {30393#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30403#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:00:50,278 INFO L272 TraceCheckUtils]: 18: Hoare triple {30403#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30478#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:50,279 INFO L290 TraceCheckUtils]: 19: Hoare triple {30478#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30480#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:50,279 INFO L290 TraceCheckUtils]: 20: Hoare triple {30480#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {30480#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:50,279 INFO L290 TraceCheckUtils]: 21: Hoare triple {30480#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30481#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:50,280 INFO L290 TraceCheckUtils]: 22: Hoare triple {30481#(= 2 |setClientId_#in~handle|)} assume true; {30481#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:50,280 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30481#(= 2 |setClientId_#in~handle|)} {30403#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1283#return; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,280 INFO L290 TraceCheckUtils]: 24: Hoare triple {30409#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,281 INFO L272 TraceCheckUtils]: 25: Hoare triple {30409#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30479#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:50,281 INFO L290 TraceCheckUtils]: 26: Hoare triple {30479#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,281 INFO L290 TraceCheckUtils]: 27: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,281 INFO L290 TraceCheckUtils]: 28: Hoare triple {30393#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,281 INFO L290 TraceCheckUtils]: 29: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,282 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {30393#true} {30409#(not (= ~rjh~0 1))} #1285#return; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,282 INFO L290 TraceCheckUtils]: 31: Hoare triple {30409#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,283 INFO L272 TraceCheckUtils]: 32: Hoare triple {30409#(not (= ~rjh~0 1))} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {30478#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:50,283 INFO L290 TraceCheckUtils]: 33: Hoare triple {30478#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,283 INFO L290 TraceCheckUtils]: 34: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,283 INFO L290 TraceCheckUtils]: 35: Hoare triple {30393#true} assume !(2 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,283 INFO L290 TraceCheckUtils]: 36: Hoare triple {30393#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,283 INFO L290 TraceCheckUtils]: 37: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,284 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {30393#true} {30409#(not (= ~rjh~0 1))} #1287#return; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,284 INFO L290 TraceCheckUtils]: 39: Hoare triple {30409#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,284 INFO L272 TraceCheckUtils]: 40: Hoare triple {30409#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30479#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:50,285 INFO L290 TraceCheckUtils]: 41: Hoare triple {30479#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,285 INFO L290 TraceCheckUtils]: 42: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,285 INFO L290 TraceCheckUtils]: 43: Hoare triple {30393#true} assume !(2 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,285 INFO L290 TraceCheckUtils]: 44: Hoare triple {30393#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,285 INFO L290 TraceCheckUtils]: 45: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,285 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {30393#true} {30409#(not (= ~rjh~0 1))} #1289#return; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,286 INFO L290 TraceCheckUtils]: 47: Hoare triple {30409#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,286 INFO L290 TraceCheckUtils]: 48: Hoare triple {30409#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,286 INFO L290 TraceCheckUtils]: 49: Hoare triple {30409#(not (= ~rjh~0 1))} assume !false; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,287 INFO L290 TraceCheckUtils]: 50: Hoare triple {30409#(not (= ~rjh~0 1))} assume test_~splverifierCounter~0#1 < 4; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,287 INFO L290 TraceCheckUtils]: 51: Hoare triple {30409#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,287 INFO L290 TraceCheckUtils]: 52: Hoare triple {30409#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,287 INFO L290 TraceCheckUtils]: 53: Hoare triple {30409#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,288 INFO L290 TraceCheckUtils]: 54: Hoare triple {30409#(not (= ~rjh~0 1))} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {30409#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:00:50,288 INFO L290 TraceCheckUtils]: 55: Hoare triple {30409#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {30427#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID [2022-02-20 18:00:50,288 INFO L290 TraceCheckUtils]: 56: Hoare triple {30427#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {30394#false} is VALID [2022-02-20 18:00:50,288 INFO L290 TraceCheckUtils]: 57: Hoare triple {30394#false} assume { :end_inline_setClientAutoResponse } true; {30394#false} is VALID [2022-02-20 18:00:50,289 INFO L290 TraceCheckUtils]: 58: Hoare triple {30394#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {30394#false} is VALID [2022-02-20 18:00:50,289 INFO L290 TraceCheckUtils]: 59: Hoare triple {30394#false} assume !false; {30394#false} is VALID [2022-02-20 18:00:50,289 INFO L290 TraceCheckUtils]: 60: Hoare triple {30394#false} assume !(test_~splverifierCounter~0#1 < 4); {30394#false} is VALID [2022-02-20 18:00:50,289 INFO L290 TraceCheckUtils]: 61: Hoare triple {30394#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {30394#false} is VALID [2022-02-20 18:00:50,289 INFO L272 TraceCheckUtils]: 62: Hoare triple {30394#false} call sendEmail(~bob~0, ~rjh~0); {30394#false} is VALID [2022-02-20 18:00:50,289 INFO L290 TraceCheckUtils]: 63: Hoare triple {30394#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30394#false} is VALID [2022-02-20 18:00:50,289 INFO L272 TraceCheckUtils]: 64: Hoare triple {30394#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30482#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:50,289 INFO L290 TraceCheckUtils]: 65: Hoare triple {30482#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,290 INFO L290 TraceCheckUtils]: 66: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,290 INFO L290 TraceCheckUtils]: 67: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,290 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {30393#true} {30394#false} #1221#return; {30394#false} is VALID [2022-02-20 18:00:50,290 INFO L272 TraceCheckUtils]: 69: Hoare triple {30394#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30483#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:50,290 INFO L290 TraceCheckUtils]: 70: Hoare triple {30483#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,290 INFO L290 TraceCheckUtils]: 71: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,290 INFO L290 TraceCheckUtils]: 72: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,290 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {30393#true} {30394#false} #1223#return; {30394#false} is VALID [2022-02-20 18:00:50,290 INFO L290 TraceCheckUtils]: 74: Hoare triple {30394#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {30394#false} is VALID [2022-02-20 18:00:50,291 INFO L290 TraceCheckUtils]: 75: Hoare triple {30394#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {30394#false} is VALID [2022-02-20 18:00:50,291 INFO L272 TraceCheckUtils]: 76: Hoare triple {30394#false} call outgoing(~sender#1, ~email~0#1); {30394#false} is VALID [2022-02-20 18:00:50,291 INFO L290 TraceCheckUtils]: 77: Hoare triple {30394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {30394#false} is VALID [2022-02-20 18:00:50,291 INFO L272 TraceCheckUtils]: 78: Hoare triple {30394#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {30393#true} is VALID [2022-02-20 18:00:50,291 INFO L290 TraceCheckUtils]: 79: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:50,291 INFO L290 TraceCheckUtils]: 80: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:50,291 INFO L290 TraceCheckUtils]: 81: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,291 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {30393#true} {30394#false} #1201#return; {30394#false} is VALID [2022-02-20 18:00:50,292 INFO L290 TraceCheckUtils]: 83: Hoare triple {30394#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {30394#false} is VALID [2022-02-20 18:00:50,292 INFO L290 TraceCheckUtils]: 84: Hoare triple {30394#false} assume 0 == sign_~privkey~1#1; {30394#false} is VALID [2022-02-20 18:00:50,292 INFO L290 TraceCheckUtils]: 85: Hoare triple {30394#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {30394#false} is VALID [2022-02-20 18:00:50,292 INFO L272 TraceCheckUtils]: 86: Hoare triple {30394#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30393#true} is VALID [2022-02-20 18:00:50,292 INFO L290 TraceCheckUtils]: 87: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~5; {30393#true} is VALID [2022-02-20 18:00:50,292 INFO L290 TraceCheckUtils]: 88: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {30393#true} is VALID [2022-02-20 18:00:50,292 INFO L290 TraceCheckUtils]: 89: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,292 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {30393#true} {30394#false} #1203#return; {30394#false} is VALID [2022-02-20 18:00:50,293 INFO L290 TraceCheckUtils]: 91: Hoare triple {30394#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {30394#false} is VALID [2022-02-20 18:00:50,293 INFO L290 TraceCheckUtils]: 92: Hoare triple {30394#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {30394#false} is VALID [2022-02-20 18:00:50,293 INFO L290 TraceCheckUtils]: 93: Hoare triple {30394#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret53#1 := puts(22, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret53#1 && outgoing__wrappee__AddressBook_#t~ret53#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret53#1; {30394#false} is VALID [2022-02-20 18:00:50,293 INFO L272 TraceCheckUtils]: 94: Hoare triple {30394#false} call outgoing__wrappee__AddressBook_#t~ret54#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {30393#true} is VALID [2022-02-20 18:00:50,293 INFO L290 TraceCheckUtils]: 95: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:50,293 INFO L290 TraceCheckUtils]: 96: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:50,293 INFO L290 TraceCheckUtils]: 97: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,293 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {30393#true} {30394#false} #1205#return; {30394#false} is VALID [2022-02-20 18:00:50,293 INFO L290 TraceCheckUtils]: 99: Hoare triple {30394#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret54#1 && outgoing__wrappee__AddressBook_#t~ret54#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret54#1;havoc outgoing__wrappee__AddressBook_#t~ret54#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret55#1 := puts(23, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret55#1 && outgoing__wrappee__AddressBook_#t~ret55#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret55#1; {30394#false} is VALID [2022-02-20 18:00:50,294 INFO L272 TraceCheckUtils]: 100: Hoare triple {30394#false} call outgoing__wrappee__AddressBook_#t~ret56#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {30393#true} is VALID [2022-02-20 18:00:50,294 INFO L290 TraceCheckUtils]: 101: Hoare triple {30393#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~9; {30393#true} is VALID [2022-02-20 18:00:50,294 INFO L290 TraceCheckUtils]: 102: Hoare triple {30393#true} assume 1 == ~handle; {30393#true} is VALID [2022-02-20 18:00:50,294 INFO L290 TraceCheckUtils]: 103: Hoare triple {30393#true} assume 0 == ~index;~retValue_acc~9 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~9; {30393#true} is VALID [2022-02-20 18:00:50,294 INFO L290 TraceCheckUtils]: 104: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,294 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {30393#true} {30394#false} #1207#return; {30394#false} is VALID [2022-02-20 18:00:50,294 INFO L290 TraceCheckUtils]: 106: Hoare triple {30394#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret56#1 && outgoing__wrappee__AddressBook_#t~ret56#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret56#1;havoc outgoing__wrappee__AddressBook_#t~ret56#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {30394#false} is VALID [2022-02-20 18:00:50,294 INFO L272 TraceCheckUtils]: 107: Hoare triple {30394#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {30483#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:50,295 INFO L290 TraceCheckUtils]: 108: Hoare triple {30483#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,295 INFO L290 TraceCheckUtils]: 109: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,295 INFO L290 TraceCheckUtils]: 110: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,295 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {30393#true} {30394#false} #1209#return; {30394#false} is VALID [2022-02-20 18:00:50,295 INFO L272 TraceCheckUtils]: 112: Hoare triple {30394#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {30394#false} is VALID [2022-02-20 18:00:50,295 INFO L290 TraceCheckUtils]: 113: Hoare triple {30394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {30394#false} is VALID [2022-02-20 18:00:50,295 INFO L272 TraceCheckUtils]: 114: Hoare triple {30394#false} call #t~ret50#1 := getEmailTo(~msg#1); {30393#true} is VALID [2022-02-20 18:00:50,295 INFO L290 TraceCheckUtils]: 115: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:50,295 INFO L290 TraceCheckUtils]: 116: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:50,296 INFO L290 TraceCheckUtils]: 117: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,296 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {30393#true} {30394#false} #1235#return; {30394#false} is VALID [2022-02-20 18:00:50,296 INFO L290 TraceCheckUtils]: 119: Hoare triple {30394#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {30394#false} is VALID [2022-02-20 18:00:50,296 INFO L272 TraceCheckUtils]: 120: Hoare triple {30394#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {30393#true} is VALID [2022-02-20 18:00:50,296 INFO L290 TraceCheckUtils]: 121: Hoare triple {30393#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {30393#true} is VALID [2022-02-20 18:00:50,296 INFO L290 TraceCheckUtils]: 122: Hoare triple {30393#true} assume 1 == ~handle; {30393#true} is VALID [2022-02-20 18:00:50,296 INFO L290 TraceCheckUtils]: 123: Hoare triple {30393#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {30393#true} is VALID [2022-02-20 18:00:50,296 INFO L290 TraceCheckUtils]: 124: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,297 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {30393#true} {30394#false} #1237#return; {30394#false} is VALID [2022-02-20 18:00:50,297 INFO L290 TraceCheckUtils]: 126: Hoare triple {30394#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {30394#false} is VALID [2022-02-20 18:00:50,297 INFO L290 TraceCheckUtils]: 127: Hoare triple {30394#false} assume !(0 != ~pubkey~0#1); {30394#false} is VALID [2022-02-20 18:00:50,297 INFO L290 TraceCheckUtils]: 128: Hoare triple {30394#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {30394#false} is VALID [2022-02-20 18:00:50,297 INFO L290 TraceCheckUtils]: 129: Hoare triple {30394#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {30394#false} is VALID [2022-02-20 18:00:50,297 INFO L290 TraceCheckUtils]: 130: Hoare triple {30394#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {30394#false} is VALID [2022-02-20 18:00:50,297 INFO L272 TraceCheckUtils]: 131: Hoare triple {30394#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {30482#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:50,297 INFO L290 TraceCheckUtils]: 132: Hoare triple {30482#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,298 INFO L290 TraceCheckUtils]: 133: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,298 INFO L290 TraceCheckUtils]: 134: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,298 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {30393#true} {30394#false} #1243#return; {30394#false} is VALID [2022-02-20 18:00:50,298 INFO L290 TraceCheckUtils]: 136: Hoare triple {30394#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {30394#false} is VALID [2022-02-20 18:00:50,298 INFO L272 TraceCheckUtils]: 137: Hoare triple {30394#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {30393#true} is VALID [2022-02-20 18:00:50,298 INFO L290 TraceCheckUtils]: 138: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~41; {30393#true} is VALID [2022-02-20 18:00:50,298 INFO L290 TraceCheckUtils]: 139: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {30393#true} is VALID [2022-02-20 18:00:50,298 INFO L290 TraceCheckUtils]: 140: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,298 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {30393#true} {30394#false} #1245#return; {30394#false} is VALID [2022-02-20 18:00:50,299 INFO L290 TraceCheckUtils]: 142: Hoare triple {30394#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {30394#false} is VALID [2022-02-20 18:00:50,299 INFO L290 TraceCheckUtils]: 143: Hoare triple {30394#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {30394#false} is VALID [2022-02-20 18:00:50,299 INFO L272 TraceCheckUtils]: 144: Hoare triple {30394#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {30393#true} is VALID [2022-02-20 18:00:50,299 INFO L290 TraceCheckUtils]: 145: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:50,299 INFO L290 TraceCheckUtils]: 146: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:50,299 INFO L290 TraceCheckUtils]: 147: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,299 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {30393#true} {30394#false} #1247#return; {30394#false} is VALID [2022-02-20 18:00:50,299 INFO L290 TraceCheckUtils]: 149: Hoare triple {30394#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {30394#false} is VALID [2022-02-20 18:00:50,300 INFO L290 TraceCheckUtils]: 150: Hoare triple {30394#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {30394#false} is VALID [2022-02-20 18:00:50,300 INFO L290 TraceCheckUtils]: 151: Hoare triple {30394#false} assume !false; {30394#false} is VALID [2022-02-20 18:00:50,300 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 35 trivial. 0 not checked. [2022-02-20 18:00:50,300 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:50,300 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [244260848] [2022-02-20 18:00:50,300 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [244260848] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:50,301 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1234235769] [2022-02-20 18:00:50,301 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:50,301 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:50,301 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:50,302 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:50,303 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:00:50,526 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,530 INFO L263 TraceCheckSpWp]: Trace formula consists of 1274 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:00:50,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:50,572 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:00:50,865 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {30393#true} is VALID [2022-02-20 18:00:50,865 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 3: Hoare triple {30393#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 4: Hoare triple {30393#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 5: Hoare triple {30393#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L272 TraceCheckUtils]: 6: Hoare triple {30393#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 7: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 8: Hoare triple {30393#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 9: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30393#true} {30393#true} #1279#return; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 11: Hoare triple {30393#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L272 TraceCheckUtils]: 12: Hoare triple {30393#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 13: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 14: Hoare triple {30393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L290 TraceCheckUtils]: 15: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,866 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30393#true} {30393#true} #1281#return; {30393#true} is VALID [2022-02-20 18:00:50,867 INFO L290 TraceCheckUtils]: 17: Hoare triple {30393#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30393#true} is VALID [2022-02-20 18:00:50,867 INFO L272 TraceCheckUtils]: 18: Hoare triple {30393#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30393#true} is VALID [2022-02-20 18:00:50,867 INFO L290 TraceCheckUtils]: 19: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,867 INFO L290 TraceCheckUtils]: 20: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,867 INFO L290 TraceCheckUtils]: 21: Hoare triple {30393#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,867 INFO L290 TraceCheckUtils]: 22: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,867 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30393#true} {30393#true} #1283#return; {30393#true} is VALID [2022-02-20 18:00:50,867 INFO L290 TraceCheckUtils]: 24: Hoare triple {30393#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {30393#true} is VALID [2022-02-20 18:00:50,868 INFO L272 TraceCheckUtils]: 25: Hoare triple {30393#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30393#true} is VALID [2022-02-20 18:00:50,868 INFO L290 TraceCheckUtils]: 26: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,868 INFO L290 TraceCheckUtils]: 27: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,868 INFO L290 TraceCheckUtils]: 28: Hoare triple {30393#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,868 INFO L290 TraceCheckUtils]: 29: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,868 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {30393#true} {30393#true} #1285#return; {30393#true} is VALID [2022-02-20 18:00:50,868 INFO L290 TraceCheckUtils]: 31: Hoare triple {30393#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30393#true} is VALID [2022-02-20 18:00:50,868 INFO L272 TraceCheckUtils]: 32: Hoare triple {30393#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {30393#true} is VALID [2022-02-20 18:00:50,869 INFO L290 TraceCheckUtils]: 33: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,869 INFO L290 TraceCheckUtils]: 34: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,869 INFO L290 TraceCheckUtils]: 35: Hoare triple {30393#true} assume !(2 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,869 INFO L290 TraceCheckUtils]: 36: Hoare triple {30393#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,869 INFO L290 TraceCheckUtils]: 37: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,869 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {30393#true} {30393#true} #1287#return; {30393#true} is VALID [2022-02-20 18:00:50,869 INFO L290 TraceCheckUtils]: 39: Hoare triple {30393#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {30393#true} is VALID [2022-02-20 18:00:50,869 INFO L272 TraceCheckUtils]: 40: Hoare triple {30393#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30393#true} is VALID [2022-02-20 18:00:50,869 INFO L290 TraceCheckUtils]: 41: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:50,870 INFO L290 TraceCheckUtils]: 42: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,870 INFO L290 TraceCheckUtils]: 43: Hoare triple {30393#true} assume !(2 == ~handle); {30393#true} is VALID [2022-02-20 18:00:50,870 INFO L290 TraceCheckUtils]: 44: Hoare triple {30393#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:50,870 INFO L290 TraceCheckUtils]: 45: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:50,870 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {30393#true} {30393#true} #1289#return; {30393#true} is VALID [2022-02-20 18:00:50,870 INFO L290 TraceCheckUtils]: 47: Hoare triple {30393#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {30393#true} is VALID [2022-02-20 18:00:50,871 INFO L290 TraceCheckUtils]: 48: Hoare triple {30393#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30631#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:50,871 INFO L290 TraceCheckUtils]: 49: Hoare triple {30631#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {30631#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:50,871 INFO L290 TraceCheckUtils]: 50: Hoare triple {30631#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {30631#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:50,872 INFO L290 TraceCheckUtils]: 51: Hoare triple {30631#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:50,872 INFO L290 TraceCheckUtils]: 52: Hoare triple {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:50,872 INFO L290 TraceCheckUtils]: 53: Hoare triple {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:50,873 INFO L290 TraceCheckUtils]: 54: Hoare triple {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:50,873 INFO L290 TraceCheckUtils]: 55: Hoare triple {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:50,873 INFO L290 TraceCheckUtils]: 56: Hoare triple {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:50,874 INFO L290 TraceCheckUtils]: 57: Hoare triple {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:50,874 INFO L290 TraceCheckUtils]: 58: Hoare triple {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:50,874 INFO L290 TraceCheckUtils]: 59: Hoare triple {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:00:50,875 INFO L290 TraceCheckUtils]: 60: Hoare triple {30641#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {30394#false} is VALID [2022-02-20 18:00:50,875 INFO L290 TraceCheckUtils]: 61: Hoare triple {30394#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {30394#false} is VALID [2022-02-20 18:00:50,875 INFO L272 TraceCheckUtils]: 62: Hoare triple {30394#false} call sendEmail(~bob~0, ~rjh~0); {30394#false} is VALID [2022-02-20 18:00:50,875 INFO L290 TraceCheckUtils]: 63: Hoare triple {30394#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30394#false} is VALID [2022-02-20 18:00:50,875 INFO L272 TraceCheckUtils]: 64: Hoare triple {30394#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30394#false} is VALID [2022-02-20 18:00:50,875 INFO L290 TraceCheckUtils]: 65: Hoare triple {30394#false} ~handle := #in~handle;~value := #in~value; {30394#false} is VALID [2022-02-20 18:00:50,875 INFO L290 TraceCheckUtils]: 66: Hoare triple {30394#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30394#false} is VALID [2022-02-20 18:00:50,875 INFO L290 TraceCheckUtils]: 67: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,876 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {30394#false} {30394#false} #1221#return; {30394#false} is VALID [2022-02-20 18:00:50,876 INFO L272 TraceCheckUtils]: 69: Hoare triple {30394#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30394#false} is VALID [2022-02-20 18:00:50,876 INFO L290 TraceCheckUtils]: 70: Hoare triple {30394#false} ~handle := #in~handle;~value := #in~value; {30394#false} is VALID [2022-02-20 18:00:50,876 INFO L290 TraceCheckUtils]: 71: Hoare triple {30394#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30394#false} is VALID [2022-02-20 18:00:50,876 INFO L290 TraceCheckUtils]: 72: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,876 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {30394#false} {30394#false} #1223#return; {30394#false} is VALID [2022-02-20 18:00:50,876 INFO L290 TraceCheckUtils]: 74: Hoare triple {30394#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {30394#false} is VALID [2022-02-20 18:00:50,876 INFO L290 TraceCheckUtils]: 75: Hoare triple {30394#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {30394#false} is VALID [2022-02-20 18:00:50,876 INFO L272 TraceCheckUtils]: 76: Hoare triple {30394#false} call outgoing(~sender#1, ~email~0#1); {30394#false} is VALID [2022-02-20 18:00:50,877 INFO L290 TraceCheckUtils]: 77: Hoare triple {30394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {30394#false} is VALID [2022-02-20 18:00:50,877 INFO L272 TraceCheckUtils]: 78: Hoare triple {30394#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {30394#false} is VALID [2022-02-20 18:00:50,877 INFO L290 TraceCheckUtils]: 79: Hoare triple {30394#false} ~handle := #in~handle;havoc ~retValue_acc~11; {30394#false} is VALID [2022-02-20 18:00:50,877 INFO L290 TraceCheckUtils]: 80: Hoare triple {30394#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {30394#false} is VALID [2022-02-20 18:00:50,877 INFO L290 TraceCheckUtils]: 81: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,877 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {30394#false} {30394#false} #1201#return; {30394#false} is VALID [2022-02-20 18:00:50,877 INFO L290 TraceCheckUtils]: 83: Hoare triple {30394#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {30394#false} is VALID [2022-02-20 18:00:50,877 INFO L290 TraceCheckUtils]: 84: Hoare triple {30394#false} assume 0 == sign_~privkey~1#1; {30394#false} is VALID [2022-02-20 18:00:50,878 INFO L290 TraceCheckUtils]: 85: Hoare triple {30394#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {30394#false} is VALID [2022-02-20 18:00:50,878 INFO L272 TraceCheckUtils]: 86: Hoare triple {30394#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30394#false} is VALID [2022-02-20 18:00:50,878 INFO L290 TraceCheckUtils]: 87: Hoare triple {30394#false} ~handle := #in~handle;havoc ~retValue_acc~5; {30394#false} is VALID [2022-02-20 18:00:50,878 INFO L290 TraceCheckUtils]: 88: Hoare triple {30394#false} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {30394#false} is VALID [2022-02-20 18:00:50,878 INFO L290 TraceCheckUtils]: 89: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,878 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {30394#false} {30394#false} #1203#return; {30394#false} is VALID [2022-02-20 18:00:50,878 INFO L290 TraceCheckUtils]: 91: Hoare triple {30394#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {30394#false} is VALID [2022-02-20 18:00:50,878 INFO L290 TraceCheckUtils]: 92: Hoare triple {30394#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {30394#false} is VALID [2022-02-20 18:00:50,879 INFO L290 TraceCheckUtils]: 93: Hoare triple {30394#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret53#1 := puts(22, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret53#1 && outgoing__wrappee__AddressBook_#t~ret53#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret53#1; {30394#false} is VALID [2022-02-20 18:00:50,879 INFO L272 TraceCheckUtils]: 94: Hoare triple {30394#false} call outgoing__wrappee__AddressBook_#t~ret54#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {30394#false} is VALID [2022-02-20 18:00:50,879 INFO L290 TraceCheckUtils]: 95: Hoare triple {30394#false} ~handle := #in~handle;havoc ~retValue_acc~36; {30394#false} is VALID [2022-02-20 18:00:50,879 INFO L290 TraceCheckUtils]: 96: Hoare triple {30394#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30394#false} is VALID [2022-02-20 18:00:50,879 INFO L290 TraceCheckUtils]: 97: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,879 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {30394#false} {30394#false} #1205#return; {30394#false} is VALID [2022-02-20 18:00:50,879 INFO L290 TraceCheckUtils]: 99: Hoare triple {30394#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret54#1 && outgoing__wrappee__AddressBook_#t~ret54#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret54#1;havoc outgoing__wrappee__AddressBook_#t~ret54#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret55#1 := puts(23, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret55#1 && outgoing__wrappee__AddressBook_#t~ret55#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret55#1; {30394#false} is VALID [2022-02-20 18:00:50,879 INFO L272 TraceCheckUtils]: 100: Hoare triple {30394#false} call outgoing__wrappee__AddressBook_#t~ret56#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {30394#false} is VALID [2022-02-20 18:00:50,880 INFO L290 TraceCheckUtils]: 101: Hoare triple {30394#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~9; {30394#false} is VALID [2022-02-20 18:00:50,880 INFO L290 TraceCheckUtils]: 102: Hoare triple {30394#false} assume 1 == ~handle; {30394#false} is VALID [2022-02-20 18:00:50,880 INFO L290 TraceCheckUtils]: 103: Hoare triple {30394#false} assume 0 == ~index;~retValue_acc~9 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~9; {30394#false} is VALID [2022-02-20 18:00:50,880 INFO L290 TraceCheckUtils]: 104: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,880 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {30394#false} {30394#false} #1207#return; {30394#false} is VALID [2022-02-20 18:00:50,880 INFO L290 TraceCheckUtils]: 106: Hoare triple {30394#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret56#1 && outgoing__wrappee__AddressBook_#t~ret56#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret56#1;havoc outgoing__wrappee__AddressBook_#t~ret56#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {30394#false} is VALID [2022-02-20 18:00:50,880 INFO L272 TraceCheckUtils]: 107: Hoare triple {30394#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {30394#false} is VALID [2022-02-20 18:00:50,880 INFO L290 TraceCheckUtils]: 108: Hoare triple {30394#false} ~handle := #in~handle;~value := #in~value; {30394#false} is VALID [2022-02-20 18:00:50,880 INFO L290 TraceCheckUtils]: 109: Hoare triple {30394#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30394#false} is VALID [2022-02-20 18:00:50,881 INFO L290 TraceCheckUtils]: 110: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,881 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {30394#false} {30394#false} #1209#return; {30394#false} is VALID [2022-02-20 18:00:50,881 INFO L272 TraceCheckUtils]: 112: Hoare triple {30394#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {30394#false} is VALID [2022-02-20 18:00:50,881 INFO L290 TraceCheckUtils]: 113: Hoare triple {30394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {30394#false} is VALID [2022-02-20 18:00:50,881 INFO L272 TraceCheckUtils]: 114: Hoare triple {30394#false} call #t~ret50#1 := getEmailTo(~msg#1); {30394#false} is VALID [2022-02-20 18:00:50,881 INFO L290 TraceCheckUtils]: 115: Hoare triple {30394#false} ~handle := #in~handle;havoc ~retValue_acc~36; {30394#false} is VALID [2022-02-20 18:00:50,881 INFO L290 TraceCheckUtils]: 116: Hoare triple {30394#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30394#false} is VALID [2022-02-20 18:00:50,881 INFO L290 TraceCheckUtils]: 117: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,882 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {30394#false} {30394#false} #1235#return; {30394#false} is VALID [2022-02-20 18:00:50,882 INFO L290 TraceCheckUtils]: 119: Hoare triple {30394#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {30394#false} is VALID [2022-02-20 18:00:50,882 INFO L272 TraceCheckUtils]: 120: Hoare triple {30394#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {30394#false} is VALID [2022-02-20 18:00:50,882 INFO L290 TraceCheckUtils]: 121: Hoare triple {30394#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {30394#false} is VALID [2022-02-20 18:00:50,882 INFO L290 TraceCheckUtils]: 122: Hoare triple {30394#false} assume 1 == ~handle; {30394#false} is VALID [2022-02-20 18:00:50,882 INFO L290 TraceCheckUtils]: 123: Hoare triple {30394#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {30394#false} is VALID [2022-02-20 18:00:50,882 INFO L290 TraceCheckUtils]: 124: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,882 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {30394#false} {30394#false} #1237#return; {30394#false} is VALID [2022-02-20 18:00:50,883 INFO L290 TraceCheckUtils]: 126: Hoare triple {30394#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {30394#false} is VALID [2022-02-20 18:00:50,883 INFO L290 TraceCheckUtils]: 127: Hoare triple {30394#false} assume !(0 != ~pubkey~0#1); {30394#false} is VALID [2022-02-20 18:00:50,883 INFO L290 TraceCheckUtils]: 128: Hoare triple {30394#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {30394#false} is VALID [2022-02-20 18:00:50,883 INFO L290 TraceCheckUtils]: 129: Hoare triple {30394#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {30394#false} is VALID [2022-02-20 18:00:50,883 INFO L290 TraceCheckUtils]: 130: Hoare triple {30394#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {30394#false} is VALID [2022-02-20 18:00:50,883 INFO L272 TraceCheckUtils]: 131: Hoare triple {30394#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {30394#false} is VALID [2022-02-20 18:00:50,883 INFO L290 TraceCheckUtils]: 132: Hoare triple {30394#false} ~handle := #in~handle;~value := #in~value; {30394#false} is VALID [2022-02-20 18:00:50,883 INFO L290 TraceCheckUtils]: 133: Hoare triple {30394#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30394#false} is VALID [2022-02-20 18:00:50,883 INFO L290 TraceCheckUtils]: 134: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,884 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {30394#false} {30394#false} #1243#return; {30394#false} is VALID [2022-02-20 18:00:50,884 INFO L290 TraceCheckUtils]: 136: Hoare triple {30394#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {30394#false} is VALID [2022-02-20 18:00:50,884 INFO L272 TraceCheckUtils]: 137: Hoare triple {30394#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {30394#false} is VALID [2022-02-20 18:00:50,884 INFO L290 TraceCheckUtils]: 138: Hoare triple {30394#false} ~handle := #in~handle;havoc ~retValue_acc~41; {30394#false} is VALID [2022-02-20 18:00:50,884 INFO L290 TraceCheckUtils]: 139: Hoare triple {30394#false} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {30394#false} is VALID [2022-02-20 18:00:50,884 INFO L290 TraceCheckUtils]: 140: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,884 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {30394#false} {30394#false} #1245#return; {30394#false} is VALID [2022-02-20 18:00:50,884 INFO L290 TraceCheckUtils]: 142: Hoare triple {30394#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {30394#false} is VALID [2022-02-20 18:00:50,885 INFO L290 TraceCheckUtils]: 143: Hoare triple {30394#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {30394#false} is VALID [2022-02-20 18:00:50,885 INFO L272 TraceCheckUtils]: 144: Hoare triple {30394#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {30394#false} is VALID [2022-02-20 18:00:50,885 INFO L290 TraceCheckUtils]: 145: Hoare triple {30394#false} ~handle := #in~handle;havoc ~retValue_acc~11; {30394#false} is VALID [2022-02-20 18:00:50,885 INFO L290 TraceCheckUtils]: 146: Hoare triple {30394#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {30394#false} is VALID [2022-02-20 18:00:50,885 INFO L290 TraceCheckUtils]: 147: Hoare triple {30394#false} assume true; {30394#false} is VALID [2022-02-20 18:00:50,885 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {30394#false} {30394#false} #1247#return; {30394#false} is VALID [2022-02-20 18:00:50,885 INFO L290 TraceCheckUtils]: 149: Hoare triple {30394#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {30394#false} is VALID [2022-02-20 18:00:50,885 INFO L290 TraceCheckUtils]: 150: Hoare triple {30394#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {30394#false} is VALID [2022-02-20 18:00:50,886 INFO L290 TraceCheckUtils]: 151: Hoare triple {30394#false} assume !false; {30394#false} is VALID [2022-02-20 18:00:50,886 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 42 trivial. 0 not checked. [2022-02-20 18:00:50,886 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:00:51,261 INFO L290 TraceCheckUtils]: 151: Hoare triple {30394#false} assume !false; {30394#false} is VALID [2022-02-20 18:00:51,261 INFO L290 TraceCheckUtils]: 150: Hoare triple {30394#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~21#1;assume { :begin_inline___automaton_fail } true; {30394#false} is VALID [2022-02-20 18:00:51,261 INFO L290 TraceCheckUtils]: 149: Hoare triple {30394#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret78#1 && __utac_acc__SignForward_spec__1_#t~ret78#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~21#1 := __utac_acc__SignForward_spec__1_#t~ret78#1;havoc __utac_acc__SignForward_spec__1_#t~ret78#1; {30394#false} is VALID [2022-02-20 18:00:51,261 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {30393#true} {30394#false} #1247#return; {30394#false} is VALID [2022-02-20 18:00:51,261 INFO L290 TraceCheckUtils]: 147: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,261 INFO L290 TraceCheckUtils]: 146: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:51,262 INFO L290 TraceCheckUtils]: 145: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:51,262 INFO L272 TraceCheckUtils]: 144: Hoare triple {30394#false} call __utac_acc__SignForward_spec__1_#t~ret78#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {30393#true} is VALID [2022-02-20 18:00:51,262 INFO L290 TraceCheckUtils]: 143: Hoare triple {30394#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~9#1; {30394#false} is VALID [2022-02-20 18:00:51,262 INFO L290 TraceCheckUtils]: 142: Hoare triple {30394#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret77#1 && __utac_acc__SignForward_spec__1_#t~ret77#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~9#1 := __utac_acc__SignForward_spec__1_#t~ret77#1;havoc __utac_acc__SignForward_spec__1_#t~ret77#1; {30394#false} is VALID [2022-02-20 18:00:51,262 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {30393#true} {30394#false} #1245#return; {30394#false} is VALID [2022-02-20 18:00:51,262 INFO L290 TraceCheckUtils]: 140: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,262 INFO L290 TraceCheckUtils]: 139: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~41 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~41; {30393#true} is VALID [2022-02-20 18:00:51,262 INFO L290 TraceCheckUtils]: 138: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~41; {30393#true} is VALID [2022-02-20 18:00:51,262 INFO L272 TraceCheckUtils]: 137: Hoare triple {30394#false} call __utac_acc__SignForward_spec__1_#t~ret77#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {30393#true} is VALID [2022-02-20 18:00:51,262 INFO L290 TraceCheckUtils]: 136: Hoare triple {30394#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret47#1, mail_#t~ret48#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~10#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~10#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret76#1, __utac_acc__SignForward_spec__1_#t~ret77#1, __utac_acc__SignForward_spec__1_#t~ret78#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~21#1, __utac_acc__SignForward_spec__1_~tmp___0~9#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~21#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~9#1;call __utac_acc__SignForward_spec__1_#t~ret76#1 := puts(27, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret76#1 && __utac_acc__SignForward_spec__1_#t~ret76#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret76#1; {30394#false} is VALID [2022-02-20 18:00:51,275 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {30393#true} {30394#false} #1243#return; {30394#false} is VALID [2022-02-20 18:00:51,275 INFO L290 TraceCheckUtils]: 134: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,275 INFO L290 TraceCheckUtils]: 133: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,275 INFO L290 TraceCheckUtils]: 132: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,275 INFO L272 TraceCheckUtils]: 131: Hoare triple {30394#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1); {30393#true} is VALID [2022-02-20 18:00:51,275 INFO L290 TraceCheckUtils]: 130: Hoare triple {30394#false} outgoing__wrappee__Keys_#t~ret49#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret49#1 && outgoing__wrappee__Keys_#t~ret49#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~11#1 := outgoing__wrappee__Keys_#t~ret49#1;havoc outgoing__wrappee__Keys_#t~ret49#1; {30394#false} is VALID [2022-02-20 18:00:51,275 INFO L290 TraceCheckUtils]: 129: Hoare triple {30394#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~18#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~18#1; {30394#false} is VALID [2022-02-20 18:00:51,275 INFO L290 TraceCheckUtils]: 128: Hoare triple {30394#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret49#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~11#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~11#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~18#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~18#1; {30394#false} is VALID [2022-02-20 18:00:51,275 INFO L290 TraceCheckUtils]: 127: Hoare triple {30394#false} assume !(0 != ~pubkey~0#1); {30394#false} is VALID [2022-02-20 18:00:51,275 INFO L290 TraceCheckUtils]: 126: Hoare triple {30394#false} assume -2147483648 <= #t~ret51#1 && #t~ret51#1 <= 2147483647;~tmp___0~5#1 := #t~ret51#1;havoc #t~ret51#1;~pubkey~0#1 := ~tmp___0~5#1; {30394#false} is VALID [2022-02-20 18:00:51,279 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {30393#true} {30394#false} #1237#return; {30394#false} is VALID [2022-02-20 18:00:51,279 INFO L290 TraceCheckUtils]: 124: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,279 INFO L290 TraceCheckUtils]: 123: Hoare triple {30393#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~16 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~16; {30393#true} is VALID [2022-02-20 18:00:51,279 INFO L290 TraceCheckUtils]: 122: Hoare triple {30393#true} assume 1 == ~handle; {30393#true} is VALID [2022-02-20 18:00:51,279 INFO L290 TraceCheckUtils]: 121: Hoare triple {30393#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~16; {30393#true} is VALID [2022-02-20 18:00:51,280 INFO L272 TraceCheckUtils]: 120: Hoare triple {30394#false} call #t~ret51#1 := findPublicKey(~client#1, ~receiver~0#1); {30393#true} is VALID [2022-02-20 18:00:51,280 INFO L290 TraceCheckUtils]: 119: Hoare triple {30394#false} assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~12#1 := #t~ret50#1;havoc #t~ret50#1;~receiver~0#1 := ~tmp~12#1; {30394#false} is VALID [2022-02-20 18:00:51,280 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {30393#true} {30394#false} #1235#return; {30394#false} is VALID [2022-02-20 18:00:51,280 INFO L290 TraceCheckUtils]: 117: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,280 INFO L290 TraceCheckUtils]: 116: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:51,280 INFO L290 TraceCheckUtils]: 115: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:51,280 INFO L272 TraceCheckUtils]: 114: Hoare triple {30394#false} call #t~ret50#1 := getEmailTo(~msg#1); {30393#true} is VALID [2022-02-20 18:00:51,280 INFO L290 TraceCheckUtils]: 113: Hoare triple {30394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~12#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {30394#false} is VALID [2022-02-20 18:00:51,280 INFO L272 TraceCheckUtils]: 112: Hoare triple {30394#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {30394#false} is VALID [2022-02-20 18:00:51,281 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {30393#true} {30394#false} #1209#return; {30394#false} is VALID [2022-02-20 18:00:51,281 INFO L290 TraceCheckUtils]: 110: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,281 INFO L290 TraceCheckUtils]: 109: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,281 INFO L290 TraceCheckUtils]: 108: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,281 INFO L272 TraceCheckUtils]: 107: Hoare triple {30394#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {30393#true} is VALID [2022-02-20 18:00:51,281 INFO L290 TraceCheckUtils]: 106: Hoare triple {30394#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret56#1 && outgoing__wrappee__AddressBook_#t~ret56#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret56#1;havoc outgoing__wrappee__AddressBook_#t~ret56#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {30394#false} is VALID [2022-02-20 18:00:51,281 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {30393#true} {30394#false} #1207#return; {30394#false} is VALID [2022-02-20 18:00:51,281 INFO L290 TraceCheckUtils]: 104: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,282 INFO L290 TraceCheckUtils]: 103: Hoare triple {30393#true} assume 0 == ~index;~retValue_acc~9 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~9; {30393#true} is VALID [2022-02-20 18:00:51,282 INFO L290 TraceCheckUtils]: 102: Hoare triple {30393#true} assume 1 == ~handle; {30393#true} is VALID [2022-02-20 18:00:51,282 INFO L290 TraceCheckUtils]: 101: Hoare triple {30393#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~9; {30393#true} is VALID [2022-02-20 18:00:51,282 INFO L272 TraceCheckUtils]: 100: Hoare triple {30394#false} call outgoing__wrappee__AddressBook_#t~ret56#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {30393#true} is VALID [2022-02-20 18:00:51,282 INFO L290 TraceCheckUtils]: 99: Hoare triple {30394#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret54#1 && outgoing__wrappee__AddressBook_#t~ret54#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret54#1;havoc outgoing__wrappee__AddressBook_#t~ret54#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret55#1 := puts(23, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret55#1 && outgoing__wrappee__AddressBook_#t~ret55#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret55#1; {30394#false} is VALID [2022-02-20 18:00:51,282 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {30393#true} {30394#false} #1205#return; {30394#false} is VALID [2022-02-20 18:00:51,282 INFO L290 TraceCheckUtils]: 97: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,282 INFO L290 TraceCheckUtils]: 96: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:51,282 INFO L290 TraceCheckUtils]: 95: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30393#true} is VALID [2022-02-20 18:00:51,283 INFO L272 TraceCheckUtils]: 94: Hoare triple {30394#false} call outgoing__wrappee__AddressBook_#t~ret54#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {30393#true} is VALID [2022-02-20 18:00:51,283 INFO L290 TraceCheckUtils]: 93: Hoare triple {30394#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret53#1 := puts(22, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret53#1 && outgoing__wrappee__AddressBook_#t~ret53#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret53#1; {30394#false} is VALID [2022-02-20 18:00:51,283 INFO L290 TraceCheckUtils]: 92: Hoare triple {30394#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {30394#false} is VALID [2022-02-20 18:00:51,283 INFO L290 TraceCheckUtils]: 91: Hoare triple {30394#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret52#1 && outgoing__wrappee__AddressBook_#t~ret52#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret52#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {30394#false} is VALID [2022-02-20 18:00:51,283 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {30393#true} {30394#false} #1203#return; {30394#false} is VALID [2022-02-20 18:00:51,283 INFO L290 TraceCheckUtils]: 89: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,283 INFO L290 TraceCheckUtils]: 88: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~5 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~5; {30393#true} is VALID [2022-02-20 18:00:51,283 INFO L290 TraceCheckUtils]: 87: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~5; {30393#true} is VALID [2022-02-20 18:00:51,284 INFO L272 TraceCheckUtils]: 86: Hoare triple {30394#false} call outgoing__wrappee__AddressBook_#t~ret52#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30393#true} is VALID [2022-02-20 18:00:51,284 INFO L290 TraceCheckUtils]: 85: Hoare triple {30394#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret52#1, outgoing__wrappee__AddressBook_#t~ret53#1, outgoing__wrappee__AddressBook_#t~ret54#1, outgoing__wrappee__AddressBook_#t~ret55#1, outgoing__wrappee__AddressBook_#t~ret56#1, outgoing__wrappee__AddressBook_#t~ret57#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {30394#false} is VALID [2022-02-20 18:00:51,284 INFO L290 TraceCheckUtils]: 84: Hoare triple {30394#false} assume 0 == sign_~privkey~1#1; {30394#false} is VALID [2022-02-20 18:00:51,284 INFO L290 TraceCheckUtils]: 83: Hoare triple {30394#false} assume -2147483648 <= sign_#t~ret69#1 && sign_#t~ret69#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret69#1;havoc sign_#t~ret69#1;sign_~privkey~1#1 := sign_~tmp~19#1; {30394#false} is VALID [2022-02-20 18:00:51,284 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {30393#true} {30394#false} #1201#return; {30394#false} is VALID [2022-02-20 18:00:51,284 INFO L290 TraceCheckUtils]: 81: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,284 INFO L290 TraceCheckUtils]: 80: Hoare triple {30393#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:51,284 INFO L290 TraceCheckUtils]: 79: Hoare triple {30393#true} ~handle := #in~handle;havoc ~retValue_acc~11; {30393#true} is VALID [2022-02-20 18:00:51,285 INFO L272 TraceCheckUtils]: 78: Hoare triple {30394#false} call sign_#t~ret69#1 := getClientPrivateKey(sign_~client#1); {30393#true} is VALID [2022-02-20 18:00:51,285 INFO L290 TraceCheckUtils]: 77: Hoare triple {30394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret69#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {30394#false} is VALID [2022-02-20 18:00:51,285 INFO L272 TraceCheckUtils]: 76: Hoare triple {30394#false} call outgoing(~sender#1, ~email~0#1); {30394#false} is VALID [2022-02-20 18:00:51,285 INFO L290 TraceCheckUtils]: 75: Hoare triple {30394#false} #t~ret65#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret65#1 && #t~ret65#1 <= 2147483647;~tmp~17#1 := #t~ret65#1;havoc #t~ret65#1;~email~0#1 := ~tmp~17#1; {30394#false} is VALID [2022-02-20 18:00:51,285 INFO L290 TraceCheckUtils]: 74: Hoare triple {30394#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {30394#false} is VALID [2022-02-20 18:00:51,285 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {30393#true} {30394#false} #1223#return; {30394#false} is VALID [2022-02-20 18:00:51,285 INFO L290 TraceCheckUtils]: 72: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,285 INFO L290 TraceCheckUtils]: 71: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,285 INFO L290 TraceCheckUtils]: 70: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,286 INFO L272 TraceCheckUtils]: 69: Hoare triple {30394#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30393#true} is VALID [2022-02-20 18:00:51,286 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {30393#true} {30394#false} #1221#return; {30394#false} is VALID [2022-02-20 18:00:51,286 INFO L290 TraceCheckUtils]: 67: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,286 INFO L290 TraceCheckUtils]: 66: Hoare triple {30393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,286 INFO L290 TraceCheckUtils]: 65: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,286 INFO L272 TraceCheckUtils]: 64: Hoare triple {30394#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30393#true} is VALID [2022-02-20 18:00:51,286 INFO L290 TraceCheckUtils]: 63: Hoare triple {30394#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30394#false} is VALID [2022-02-20 18:00:51,286 INFO L272 TraceCheckUtils]: 62: Hoare triple {30394#false} call sendEmail(~bob~0, ~rjh~0); {30394#false} is VALID [2022-02-20 18:00:51,286 INFO L290 TraceCheckUtils]: 61: Hoare triple {30394#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_#t~ret10#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret7#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret7#1 && bobToRjh_#t~ret7#1 <= 2147483647;havoc bobToRjh_#t~ret7#1; {30394#false} is VALID [2022-02-20 18:00:51,287 INFO L290 TraceCheckUtils]: 60: Hoare triple {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {30394#false} is VALID [2022-02-20 18:00:51,287 INFO L290 TraceCheckUtils]: 59: Hoare triple {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:51,287 INFO L290 TraceCheckUtils]: 58: Hoare triple {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:51,288 INFO L290 TraceCheckUtils]: 57: Hoare triple {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:51,288 INFO L290 TraceCheckUtils]: 56: Hoare triple {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:51,288 INFO L290 TraceCheckUtils]: 55: Hoare triple {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:51,289 INFO L290 TraceCheckUtils]: 54: Hoare triple {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet104#1 && test_#t~nondet104#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet104#1;havoc test_#t~nondet104#1; {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:51,289 INFO L290 TraceCheckUtils]: 53: Hoare triple {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:51,289 INFO L290 TraceCheckUtils]: 52: Hoare triple {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet103#1 && test_#t~nondet103#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet103#1;havoc test_#t~nondet103#1; {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:51,290 INFO L290 TraceCheckUtils]: 51: Hoare triple {31243#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {31215#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:00:51,290 INFO L290 TraceCheckUtils]: 50: Hoare triple {31243#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {31243#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:00:51,290 INFO L290 TraceCheckUtils]: 49: Hoare triple {31243#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {31243#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:00:51,290 INFO L290 TraceCheckUtils]: 48: Hoare triple {30393#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~25#1, test_~tmp___0~10#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~25#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {31243#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:00:51,291 INFO L290 TraceCheckUtils]: 47: Hoare triple {30393#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet14#1; {30393#true} is VALID [2022-02-20 18:00:51,291 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {30393#true} {30393#true} #1289#return; {30393#true} is VALID [2022-02-20 18:00:51,291 INFO L290 TraceCheckUtils]: 45: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,291 INFO L290 TraceCheckUtils]: 44: Hoare triple {30393#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,291 INFO L290 TraceCheckUtils]: 43: Hoare triple {30393#true} assume !(2 == ~handle); {30393#true} is VALID [2022-02-20 18:00:51,291 INFO L290 TraceCheckUtils]: 42: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:51,291 INFO L290 TraceCheckUtils]: 41: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,291 INFO L272 TraceCheckUtils]: 40: Hoare triple {30393#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30393#true} is VALID [2022-02-20 18:00:51,292 INFO L290 TraceCheckUtils]: 39: Hoare triple {30393#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {30393#true} is VALID [2022-02-20 18:00:51,292 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {30393#true} {30393#true} #1287#return; {30393#true} is VALID [2022-02-20 18:00:51,292 INFO L290 TraceCheckUtils]: 37: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,292 INFO L290 TraceCheckUtils]: 36: Hoare triple {30393#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,292 INFO L290 TraceCheckUtils]: 35: Hoare triple {30393#true} assume !(2 == ~handle); {30393#true} is VALID [2022-02-20 18:00:51,292 INFO L290 TraceCheckUtils]: 34: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:51,292 INFO L290 TraceCheckUtils]: 33: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,292 INFO L272 TraceCheckUtils]: 32: Hoare triple {30393#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {30393#true} is VALID [2022-02-20 18:00:51,292 INFO L290 TraceCheckUtils]: 31: Hoare triple {30393#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet13#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30393#true} is VALID [2022-02-20 18:00:51,293 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {30393#true} {30393#true} #1285#return; {30393#true} is VALID [2022-02-20 18:00:51,293 INFO L290 TraceCheckUtils]: 29: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,293 INFO L290 TraceCheckUtils]: 28: Hoare triple {30393#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,293 INFO L290 TraceCheckUtils]: 27: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:51,293 INFO L290 TraceCheckUtils]: 26: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,293 INFO L272 TraceCheckUtils]: 25: Hoare triple {30393#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30393#true} is VALID [2022-02-20 18:00:51,293 INFO L290 TraceCheckUtils]: 24: Hoare triple {30393#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {30393#true} is VALID [2022-02-20 18:00:51,293 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30393#true} {30393#true} #1283#return; {30393#true} is VALID [2022-02-20 18:00:51,293 INFO L290 TraceCheckUtils]: 22: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,294 INFO L290 TraceCheckUtils]: 21: Hoare triple {30393#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,294 INFO L290 TraceCheckUtils]: 20: Hoare triple {30393#true} assume !(1 == ~handle); {30393#true} is VALID [2022-02-20 18:00:51,294 INFO L290 TraceCheckUtils]: 19: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,294 INFO L272 TraceCheckUtils]: 18: Hoare triple {30393#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30393#true} is VALID [2022-02-20 18:00:51,294 INFO L290 TraceCheckUtils]: 17: Hoare triple {30393#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet12#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30393#true} is VALID [2022-02-20 18:00:51,294 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30393#true} {30393#true} #1281#return; {30393#true} is VALID [2022-02-20 18:00:51,294 INFO L290 TraceCheckUtils]: 15: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,294 INFO L290 TraceCheckUtils]: 14: Hoare triple {30393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,295 INFO L290 TraceCheckUtils]: 13: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,295 INFO L272 TraceCheckUtils]: 12: Hoare triple {30393#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30393#true} is VALID [2022-02-20 18:00:51,295 INFO L290 TraceCheckUtils]: 11: Hoare triple {30393#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30393#true} is VALID [2022-02-20 18:00:51,295 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30393#true} {30393#true} #1279#return; {30393#true} is VALID [2022-02-20 18:00:51,295 INFO L290 TraceCheckUtils]: 9: Hoare triple {30393#true} assume true; {30393#true} is VALID [2022-02-20 18:00:51,295 INFO L290 TraceCheckUtils]: 8: Hoare triple {30393#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30393#true} is VALID [2022-02-20 18:00:51,295 INFO L290 TraceCheckUtils]: 7: Hoare triple {30393#true} ~handle := #in~handle;~value := #in~value; {30393#true} is VALID [2022-02-20 18:00:51,295 INFO L272 TraceCheckUtils]: 6: Hoare triple {30393#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30393#true} is VALID [2022-02-20 18:00:51,295 INFO L290 TraceCheckUtils]: 5: Hoare triple {30393#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet12#1, setup_#t~nondet13#1, setup_#t~nondet14#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30393#true} is VALID [2022-02-20 18:00:51,296 INFO L290 TraceCheckUtils]: 4: Hoare triple {30393#true} main_#t~ret15#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret15#1 && main_#t~ret15#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret15#1;havoc main_#t~ret15#1; {30393#true} is VALID [2022-02-20 18:00:51,296 INFO L290 TraceCheckUtils]: 3: Hoare triple {30393#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {30393#true} is VALID [2022-02-20 18:00:51,296 INFO L290 TraceCheckUtils]: 2: Hoare triple {30393#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {30393#true} is VALID [2022-02-20 18:00:51,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {30393#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret15#1, main_~retValue_acc~19#1, main_~tmp~3#1;havoc main_~retValue_acc~19#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {30393#true} is VALID [2022-02-20 18:00:51,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {30393#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(34, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(20, 25);call #Ultimate.allocInit(22, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {30393#true} is VALID [2022-02-20 18:00:51,296 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 42 trivial. 0 not checked. [2022-02-20 18:00:51,297 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1234235769] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:00:51,297 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:00:51,297 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15 [2022-02-20 18:00:51,297 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [588725163] [2022-02-20 18:00:51,297 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:00:51,298 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 11.142857142857142) internal successors, (156), 11 states have internal predecessors, (156), 4 states have call successors, (43), 6 states have call predecessors, (43), 3 states have return successors, (34), 3 states have call predecessors, (34), 4 states have call successors, (34) Word has length 152