./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec6_product12.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec6_product12.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 6a023004d1923934c700fbd43377f50b99f9b3dcadd2a9eb1f89b20b18aa1436
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:00:19,848 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:00:19,850 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:00:19,911 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:00:19,911 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:00:19,913 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:00:19,914 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:00:19,916 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:00:19,918 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:00:19,921 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:00:19,921 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:00:19,922 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:00:19,923 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:00:19,924 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:00:19,925 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:00:19,927 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:00:19,944 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:00:19,945 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:00:19,947 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:00:19,951 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:00:19,952 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:00:19,952 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:00:19,954 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:00:19,954 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:00:19,959 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:00:19,959 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:00:19,960 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:00:19,961 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:00:19,961 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:00:19,962 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:00:19,962 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:00:19,963 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:00:19,964 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:00:19,964 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:00:19,965 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:00:19,965 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:00:19,966 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:00:19,966 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:00:19,966 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:00:19,967 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:00:19,967 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:00:19,968 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:00:20,003 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:00:20,003 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:00:20,004 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:00:20,004 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:00:20,019 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:00:20,020 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:00:20,021 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:00:20,021 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:00:20,021 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:00:20,021 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:00:20,022 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:00:20,022 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:00:20,022 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:00:20,022 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:00:20,023 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:00:20,023 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:00:20,023 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:00:20,023 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:00:20,023 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:00:20,023 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:00:20,023 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:00:20,024 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:00:20,024 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:00:20,024 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:00:20,024 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:00:20,024 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:00:20,024 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:00:20,024 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:00:20,025 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:00:20,025 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:00:20,025 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:00:20,025 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:00:20,025 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 18:00:20,025 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 6a023004d1923934c700fbd43377f50b99f9b3dcadd2a9eb1f89b20b18aa1436 [2022-02-20 18:00:20,350 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:00:20,401 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:00:20,403 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:00:20,404 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:00:20,404 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:00:20,405 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec6_product12.cil.c [2022-02-20 18:00:20,498 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5dfcd41a1/b5a1ad2a740c45d897da4c4058a9fa4a/FLAG3e917118e [2022-02-20 18:00:21,251 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 18:00:21,252 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_product12.cil.c [2022-02-20 18:00:21,285 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5dfcd41a1/b5a1ad2a740c45d897da4c4058a9fa4a/FLAG3e917118e [2022-02-20 18:00:21,499 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5dfcd41a1/b5a1ad2a740c45d897da4c4058a9fa4a [2022-02-20 18:00:21,501 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:00:21,502 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:00:21,503 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:00:21,503 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:00:21,517 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:00:21,518 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:00:21" (1/1) ... [2022-02-20 18:00:21,519 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@3317c2b0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:21, skipping insertion in model container [2022-02-20 18:00:21,519 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:00:21" (1/1) ... 
[2022-02-20 18:00:21,524 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:00:21,611 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:00:22,330 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_product12.cil.c[52000,52013] [2022-02-20 18:00:22,394 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:00:22,404 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:00:22,534 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_product12.cil.c[52000,52013] [2022-02-20 18:00:22,566 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:00:22,602 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:00:22,603 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22 WrapperNode [2022-02-20 18:00:22,603 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:00:22,604 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:00:22,604 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:00:22,604 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:00:22,609 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... 
[2022-02-20 18:00:22,659 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... [2022-02-20 18:00:22,738 INFO L137 Inliner]: procedures = 123, calls = 193, calls flagged for inlining = 49, calls inlined = 39, statements flattened = 807 [2022-02-20 18:00:22,764 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:00:22,765 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:00:22,765 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:00:22,765 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:00:22,771 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... [2022-02-20 18:00:22,771 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... [2022-02-20 18:00:22,781 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... [2022-02-20 18:00:22,794 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... 
[2022-02-20 18:00:22,817 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... [2022-02-20 18:00:22,822 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... [2022-02-20 18:00:22,842 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... [2022-02-20 18:00:22,855 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:00:22,868 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:00:22,868 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:00:22,868 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:00:22,869 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (1/1) ... 
[2022-02-20 18:00:22,883 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:00:22,891 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:22,933 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:00:22,967 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:00:22,992 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:00:22,992 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:00:22,992 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:00:22,993 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:00:22,993 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:00:22,993 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:00:22,993 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:00:22,993 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:00:22,993 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:00:22,993 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:00:22,993 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 
18:00:22,994 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:00:22,994 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:00:22,994 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:00:22,994 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:00:22,994 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:00:22,994 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:00:22,994 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:00:22,994 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:00:22,994 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:00:22,995 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:00:22,995 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:00:22,995 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:00:22,995 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:00:22,995 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:00:22,995 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:00:22,995 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:00:22,995 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:00:22,996 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:00:22,996 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 
18:00:22,996 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:00:22,996 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:00:22,996 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:00:22,996 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:00:22,996 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:00:22,997 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:00:22,997 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:00:22,997 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:00:22,997 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:00:23,216 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:00:23,217 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:00:23,893 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:00:23,908 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:00:23,908 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:00:23,910 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:00:23 BoogieIcfgContainer [2022-02-20 18:00:23,910 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:00:23,912 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:00:23,912 INFO L271 PluginConnector]: Initializing TraceAbstraction... 
[2022-02-20 18:00:23,915 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:00:23,915 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:00:21" (1/3) ... [2022-02-20 18:00:23,915 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7ea6e6d8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:00:23, skipping insertion in model container [2022-02-20 18:00:23,916 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:22" (2/3) ... [2022-02-20 18:00:23,916 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7ea6e6d8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:00:23, skipping insertion in model container [2022-02-20 18:00:23,916 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:00:23" (3/3) ... [2022-02-20 18:00:23,917 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec6_product12.cil.c [2022-02-20 18:00:23,921 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:00:23,921 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2022-02-20 18:00:23,957 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:00:23,963 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:00:23,963 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:00:23,993 INFO L276 IsEmpty]: Start isEmpty. Operand has 274 states, 212 states have (on average 1.5377358490566038) internal successors, (326), 216 states have internal predecessors, (326), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (43), 43 states have call predecessors, (43), 43 states have call successors, (43) [2022-02-20 18:00:24,013 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 112 [2022-02-20 18:00:24,014 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:24,015 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:24,015 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:24,020 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:24,020 INFO L85 PathProgramCache]: Analyzing trace with hash 950381241, now seen corresponding path program 1 times [2022-02-20 18:00:24,026 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:24,027 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1145623787] [2022-02-20 18:00:24,027 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:24,027 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:24,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:24,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {336#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,281 INFO L290 
TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,281 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,281 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {277#true} #829#return; {277#true} is VALID [2022-02-20 18:00:24,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:24,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,299 INFO L290 TraceCheckUtils]: 0: Hoare triple {337#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,299 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,300 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {277#true} #831#return; {277#true} is VALID [2022-02-20 18:00:24,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:24,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,319 INFO L290 TraceCheckUtils]: 0: Hoare triple {336#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {338#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:24,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {338#(= 
setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {339#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:24,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {339#(= |setClientId_#in~handle| 1)} assume true; {339#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:24,321 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {339#(= |setClientId_#in~handle| 1)} {287#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #833#return; {278#false} is VALID [2022-02-20 18:00:24,321 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:00:24,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,326 INFO L290 TraceCheckUtils]: 0: Hoare triple {337#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,326 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,326 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,326 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #835#return; {278#false} is VALID [2022-02-20 18:00:24,327 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:00:24,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,332 INFO L290 TraceCheckUtils]: 0: Hoare triple {336#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {277#true} is VALID [2022-02-20 18:00:24,332 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,332 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,332 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #837#return; {278#false} is VALID [2022-02-20 18:00:24,333 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:00:24,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {337#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,337 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #839#return; {278#false} is VALID [2022-02-20 18:00:24,343 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:00:24,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,347 INFO L290 TraceCheckUtils]: 0: Hoare triple {340#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,347 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {277#true} is 
VALID [2022-02-20 18:00:24,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,368 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #825#return; {278#false} is VALID [2022-02-20 18:00:24,369 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:00:24,370 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,373 INFO L290 TraceCheckUtils]: 0: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~30; {277#true} is VALID [2022-02-20 18:00:24,373 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {277#true} is VALID [2022-02-20 18:00:24,373 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,373 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #787#return; {278#false} is VALID [2022-02-20 18:00:24,374 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:00:24,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {340#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,378 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #793#return; {278#false} is VALID [2022-02-20 18:00:24,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 77 [2022-02-20 18:00:24,379 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,382 INFO L290 TraceCheckUtils]: 0: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~33; {277#true} is VALID [2022-02-20 18:00:24,382 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {277#true} is VALID [2022-02-20 18:00:24,382 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,382 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #795#return; {278#false} is VALID [2022-02-20 18:00:24,383 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:00:24,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,386 INFO L290 TraceCheckUtils]: 0: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~30; {277#true} is VALID [2022-02-20 18:00:24,386 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {277#true} is VALID [2022-02-20 18:00:24,386 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,387 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #797#return; {278#false} is VALID [2022-02-20 18:00:24,387 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:00:24,388 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,390 INFO L290 TraceCheckUtils]: 0: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~19; {277#true} is VALID [2022-02-20 18:00:24,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := 
~retValue_acc~19; {277#true} is VALID [2022-02-20 18:00:24,390 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,391 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #799#return; {278#false} is VALID [2022-02-20 18:00:24,391 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:00:24,392 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,394 INFO L290 TraceCheckUtils]: 0: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~34; {277#true} is VALID [2022-02-20 18:00:24,394 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {277#true} is VALID [2022-02-20 18:00:24,394 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,395 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #801#return; {278#false} is VALID [2022-02-20 18:00:24,395 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:00:24,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {277#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {277#true} is VALID [2022-02-20 18:00:24,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {277#true} is VALID [2022-02-20 18:00:24,399 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,399 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {277#true} {278#false} #803#return; {278#false} is VALID 
[2022-02-20 18:00:24,400 INFO L290 TraceCheckUtils]: 0: Hoare triple {277#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {277#true} is VALID [2022-02-20 18:00:24,401 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc 
main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {277#true} is VALID [2022-02-20 18:00:24,401 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {277#true} is VALID [2022-02-20 18:00:24,401 INFO L290 TraceCheckUtils]: 3: Hoare triple {277#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {277#true} is VALID [2022-02-20 18:00:24,401 INFO L290 TraceCheckUtils]: 4: Hoare triple {277#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {277#true} is VALID [2022-02-20 18:00:24,402 INFO L290 TraceCheckUtils]: 5: Hoare triple {277#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {277#true} is VALID [2022-02-20 18:00:24,403 INFO L272 
TraceCheckUtils]: 6: Hoare triple {277#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {336#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:24,403 INFO L290 TraceCheckUtils]: 7: Hoare triple {336#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,403 INFO L290 TraceCheckUtils]: 8: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,403 INFO L290 TraceCheckUtils]: 9: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,403 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {277#true} {277#true} #829#return; {277#true} is VALID [2022-02-20 18:00:24,404 INFO L290 TraceCheckUtils]: 11: Hoare triple {277#true} assume { :end_inline_setup_bob__wrappee__Base } true; {277#true} is VALID [2022-02-20 18:00:24,404 INFO L272 TraceCheckUtils]: 12: Hoare triple {277#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {337#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:24,405 INFO L290 TraceCheckUtils]: 13: Hoare triple {337#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,405 INFO L290 
TraceCheckUtils]: 14: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,405 INFO L290 TraceCheckUtils]: 15: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,405 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {277#true} {277#true} #831#return; {277#true} is VALID [2022-02-20 18:00:24,406 INFO L290 TraceCheckUtils]: 17: Hoare triple {277#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {287#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:00:24,407 INFO L272 TraceCheckUtils]: 18: Hoare triple {287#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {336#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:24,407 INFO L290 TraceCheckUtils]: 19: Hoare triple {336#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {338#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:24,408 INFO L290 TraceCheckUtils]: 20: Hoare triple {338#(= setClientId_~handle 
|setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {339#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:24,408 INFO L290 TraceCheckUtils]: 21: Hoare triple {339#(= |setClientId_#in~handle| 1)} assume true; {339#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:24,409 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {339#(= |setClientId_#in~handle| 1)} {287#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #833#return; {278#false} is VALID [2022-02-20 18:00:24,409 INFO L290 TraceCheckUtils]: 23: Hoare triple {278#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {278#false} is VALID [2022-02-20 18:00:24,409 INFO L272 TraceCheckUtils]: 24: Hoare triple {278#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {337#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:24,409 INFO L290 TraceCheckUtils]: 25: Hoare triple {337#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,410 INFO L290 TraceCheckUtils]: 26: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,410 INFO L290 TraceCheckUtils]: 27: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,410 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {277#true} {278#false} #835#return; {278#false} is VALID [2022-02-20 18:00:24,410 INFO L290 TraceCheckUtils]: 29: Hoare triple {278#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 
3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {278#false} is VALID [2022-02-20 18:00:24,411 INFO L272 TraceCheckUtils]: 30: Hoare triple {278#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {336#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:24,411 INFO L290 TraceCheckUtils]: 31: Hoare triple {336#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,411 INFO L290 TraceCheckUtils]: 32: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,411 INFO L290 TraceCheckUtils]: 33: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,411 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {277#true} {278#false} #837#return; {278#false} is VALID [2022-02-20 18:00:24,412 INFO L290 TraceCheckUtils]: 35: Hoare triple {278#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {278#false} is VALID [2022-02-20 18:00:24,412 INFO L272 TraceCheckUtils]: 36: Hoare triple {278#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {337#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:24,412 INFO L290 TraceCheckUtils]: 37: Hoare triple {337#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,412 INFO L290 TraceCheckUtils]: 38: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,412 INFO L290 TraceCheckUtils]: 39: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,413 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {277#true} {278#false} #839#return; {278#false} is VALID [2022-02-20 18:00:24,413 INFO L290 TraceCheckUtils]: 41: Hoare triple {278#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {278#false} is VALID [2022-02-20 18:00:24,413 INFO L290 TraceCheckUtils]: 42: Hoare triple {278#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc 
test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {278#false} is VALID [2022-02-20 18:00:24,413 INFO L290 TraceCheckUtils]: 43: Hoare triple {278#false} assume !true; {278#false} is VALID [2022-02-20 18:00:24,414 INFO L290 TraceCheckUtils]: 44: Hoare triple {278#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {278#false} is VALID [2022-02-20 18:00:24,414 INFO L272 TraceCheckUtils]: 45: Hoare triple {278#false} call sendEmail(~bob~0, ~rjh~0); {278#false} is VALID [2022-02-20 18:00:24,414 INFO L290 TraceCheckUtils]: 46: Hoare triple {278#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {278#false} is VALID [2022-02-20 18:00:24,414 INFO L272 TraceCheckUtils]: 47: Hoare triple {278#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {340#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:24,415 INFO L290 TraceCheckUtils]: 48: Hoare triple {340#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,415 INFO L290 TraceCheckUtils]: 49: Hoare triple {277#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,415 INFO L290 TraceCheckUtils]: 50: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,415 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {277#true} {278#false} #825#return; {278#false} is VALID [2022-02-20 18:00:24,415 INFO L290 TraceCheckUtils]: 52: Hoare triple {278#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {278#false} is VALID [2022-02-20 18:00:24,416 INFO L290 TraceCheckUtils]: 53: Hoare triple {278#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {278#false} is VALID [2022-02-20 18:00:24,416 INFO L290 TraceCheckUtils]: 54: Hoare triple {278#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {278#false} is VALID [2022-02-20 18:00:24,416 INFO L290 TraceCheckUtils]: 55: Hoare triple {278#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 
2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {278#false} is VALID [2022-02-20 18:00:24,416 INFO L272 TraceCheckUtils]: 56: Hoare triple {278#false} call outgoing(~sender#1, ~email~0#1); {278#false} is VALID [2022-02-20 18:00:24,416 INFO L290 TraceCheckUtils]: 57: Hoare triple {278#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {278#false} is VALID [2022-02-20 18:00:24,417 INFO L272 TraceCheckUtils]: 58: Hoare triple {278#false} call #t~ret67#1 := getEmailTo(~msg#1); {277#true} is VALID [2022-02-20 18:00:24,417 INFO L290 TraceCheckUtils]: 59: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~30; {277#true} is VALID [2022-02-20 18:00:24,417 INFO L290 TraceCheckUtils]: 60: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {277#true} is VALID [2022-02-20 18:00:24,417 INFO L290 TraceCheckUtils]: 61: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,418 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {277#true} {278#false} #787#return; {278#false} is VALID [2022-02-20 18:00:24,418 INFO L290 TraceCheckUtils]: 63: Hoare triple {278#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {278#false} is VALID [2022-02-20 18:00:24,418 INFO L290 TraceCheckUtils]: 64: Hoare triple {278#false} assume 1 == findPublicKey_~handle#1; {278#false} is VALID [2022-02-20 18:00:24,418 INFO L290 TraceCheckUtils]: 65: 
Hoare triple {278#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {278#false} is VALID [2022-02-20 18:00:24,418 INFO L290 TraceCheckUtils]: 66: Hoare triple {278#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {278#false} is VALID [2022-02-20 18:00:24,419 INFO L290 TraceCheckUtils]: 67: Hoare triple {278#false} assume !(0 != ~pubkey~0#1); {278#false} is VALID [2022-02-20 18:00:24,419 INFO L290 TraceCheckUtils]: 68: Hoare triple {278#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {278#false} is VALID [2022-02-20 18:00:24,419 INFO L290 TraceCheckUtils]: 69: Hoare triple {278#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {278#false} is VALID [2022-02-20 18:00:24,419 INFO L290 TraceCheckUtils]: 70: Hoare triple {278#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= 
outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {278#false} is VALID [2022-02-20 18:00:24,420 INFO L272 TraceCheckUtils]: 71: Hoare triple {278#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {340#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:24,420 INFO L290 TraceCheckUtils]: 72: Hoare triple {340#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,420 INFO L290 TraceCheckUtils]: 73: Hoare triple {277#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,420 INFO L290 TraceCheckUtils]: 74: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,420 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {277#true} {278#false} #793#return; {278#false} is VALID [2022-02-20 18:00:24,421 INFO L290 TraceCheckUtils]: 76: Hoare triple {278#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, 
__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {278#false} is VALID [2022-02-20 18:00:24,421 INFO L272 TraceCheckUtils]: 77: Hoare triple {278#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {277#true} is VALID [2022-02-20 18:00:24,421 INFO L290 TraceCheckUtils]: 78: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~33; {277#true} is VALID [2022-02-20 18:00:24,421 INFO L290 TraceCheckUtils]: 79: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {277#true} is VALID [2022-02-20 18:00:24,422 INFO L290 TraceCheckUtils]: 80: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,422 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {277#true} {278#false} #795#return; {278#false} is VALID [2022-02-20 18:00:24,422 INFO L290 TraceCheckUtils]: 82: Hoare triple {278#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {278#false} is VALID [2022-02-20 18:00:24,422 INFO L290 TraceCheckUtils]: 83: Hoare triple 
{278#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {278#false} is VALID [2022-02-20 18:00:24,422 INFO L272 TraceCheckUtils]: 84: Hoare triple {278#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {277#true} is VALID [2022-02-20 18:00:24,423 INFO L290 TraceCheckUtils]: 85: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~30; {277#true} is VALID [2022-02-20 18:00:24,423 INFO L290 TraceCheckUtils]: 86: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {277#true} is VALID [2022-02-20 18:00:24,423 INFO L290 TraceCheckUtils]: 87: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,423 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {277#true} {278#false} #797#return; {278#false} is VALID [2022-02-20 18:00:24,424 INFO L290 TraceCheckUtils]: 89: Hoare triple {278#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { 
:begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {278#false} is VALID [2022-02-20 18:00:24,424 INFO L290 TraceCheckUtils]: 90: Hoare triple {278#false} assume 1 == ~sent_encrypted~0; {278#false} is VALID [2022-02-20 18:00:24,424 INFO L272 TraceCheckUtils]: 91: Hoare triple {278#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := 
getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {277#true} is VALID [2022-02-20 18:00:24,424 INFO L290 TraceCheckUtils]: 92: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~19; {277#true} is VALID [2022-02-20 18:00:24,425 INFO L290 TraceCheckUtils]: 93: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {277#true} is VALID [2022-02-20 18:00:24,425 INFO L290 TraceCheckUtils]: 94: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,425 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {277#true} {278#false} #799#return; {278#false} is VALID [2022-02-20 18:00:24,425 INFO L290 TraceCheckUtils]: 96: Hoare triple {278#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {278#false} is VALID [2022-02-20 18:00:24,425 INFO L272 TraceCheckUtils]: 97: Hoare triple {278#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {277#true} is VALID [2022-02-20 18:00:24,426 INFO L290 TraceCheckUtils]: 98: Hoare triple {277#true} ~handle := #in~handle;havoc ~retValue_acc~34; {277#true} is VALID [2022-02-20 18:00:24,426 INFO L290 TraceCheckUtils]: 99: Hoare triple {277#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {277#true} is VALID [2022-02-20 18:00:24,426 INFO L290 TraceCheckUtils]: 100: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,426 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {277#true} {278#false} #801#return; {278#false} is VALID [2022-02-20 18:00:24,426 INFO L290 TraceCheckUtils]: 102: Hoare triple {278#false} assume -2147483648 <= 
__utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {278#false} is VALID [2022-02-20 18:00:24,427 INFO L272 TraceCheckUtils]: 103: Hoare triple {278#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {277#true} is VALID [2022-02-20 18:00:24,427 INFO L290 TraceCheckUtils]: 104: Hoare triple {277#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {277#true} is VALID [2022-02-20 18:00:24,427 INFO L290 TraceCheckUtils]: 105: Hoare triple {277#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {277#true} is VALID [2022-02-20 18:00:24,427 INFO L290 TraceCheckUtils]: 106: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,427 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {277#true} {278#false} #803#return; {278#false} is VALID [2022-02-20 18:00:24,428 INFO L290 TraceCheckUtils]: 108: Hoare triple {278#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {278#false} is VALID [2022-02-20 18:00:24,428 INFO L290 TraceCheckUtils]: 109: Hoare triple {278#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {278#false} is VALID [2022-02-20 18:00:24,428 INFO L290 TraceCheckUtils]: 110: Hoare triple {278#false} assume !false; {278#false} is VALID [2022-02-20 
18:00:24,429 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 18:00:24,429 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:24,430 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1145623787] [2022-02-20 18:00:24,430 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1145623787] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:24,430 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [554480395] [2022-02-20 18:00:24,431 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:24,431 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:24,431 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:24,447 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:24,492 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:00:24,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,694 INFO L263 TraceCheckSpWp]: Trace formula consists of 1025 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:00:24,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:24,752 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:00:24,964 INFO L290 TraceCheckUtils]: 0: Hoare triple {277#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {277#true} is VALID [2022-02-20 18:00:24,964 INFO L290 TraceCheckUtils]: 1: Hoare triple {277#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc 
main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {277#true} is VALID [2022-02-20 18:00:24,965 INFO L290 TraceCheckUtils]: 2: Hoare triple {277#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {277#true} is VALID [2022-02-20 18:00:24,965 INFO L290 TraceCheckUtils]: 3: Hoare triple {277#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {277#true} is VALID [2022-02-20 18:00:24,965 INFO L290 TraceCheckUtils]: 4: Hoare triple {277#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {277#true} is VALID [2022-02-20 18:00:24,965 INFO L290 TraceCheckUtils]: 5: Hoare triple {277#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {277#true} is VALID [2022-02-20 18:00:24,965 INFO L272 
TraceCheckUtils]: 6: Hoare triple {277#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {277#true} is VALID [2022-02-20 18:00:24,965 INFO L290 TraceCheckUtils]: 7: Hoare triple {277#true} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,966 INFO L290 TraceCheckUtils]: 8: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,966 INFO L290 TraceCheckUtils]: 9: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,966 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {277#true} {277#true} #829#return; {277#true} is VALID [2022-02-20 18:00:24,966 INFO L290 TraceCheckUtils]: 11: Hoare triple {277#true} assume { :end_inline_setup_bob__wrappee__Base } true; {277#true} is VALID [2022-02-20 18:00:24,966 INFO L272 TraceCheckUtils]: 12: Hoare triple {277#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {277#true} is VALID [2022-02-20 18:00:24,966 INFO L290 TraceCheckUtils]: 13: Hoare triple {277#true} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,967 INFO L290 TraceCheckUtils]: 14: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,967 INFO L290 TraceCheckUtils]: 15: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,967 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {277#true} {277#true} #831#return; {277#true} is VALID [2022-02-20 18:00:24,967 INFO L290 TraceCheckUtils]: 17: Hoare triple {277#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } 
true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {277#true} is VALID [2022-02-20 18:00:24,967 INFO L272 TraceCheckUtils]: 18: Hoare triple {277#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {277#true} is VALID [2022-02-20 18:00:24,967 INFO L290 TraceCheckUtils]: 19: Hoare triple {277#true} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,968 INFO L290 TraceCheckUtils]: 20: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,968 INFO L290 TraceCheckUtils]: 21: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,968 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {277#true} {277#true} #833#return; {277#true} is VALID [2022-02-20 18:00:24,968 INFO L290 TraceCheckUtils]: 23: Hoare triple {277#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {277#true} is VALID [2022-02-20 18:00:24,968 INFO L272 TraceCheckUtils]: 24: Hoare triple {277#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {277#true} is VALID [2022-02-20 18:00:24,968 INFO L290 TraceCheckUtils]: 25: Hoare triple {277#true} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,969 INFO L290 TraceCheckUtils]: 26: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,969 INFO L290 TraceCheckUtils]: 27: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,969 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {277#true} {277#true} #835#return; {277#true} is VALID [2022-02-20 18:00:24,969 INFO L290 TraceCheckUtils]: 29: Hoare triple {277#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc 
setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {277#true} is VALID [2022-02-20 18:00:24,969 INFO L272 TraceCheckUtils]: 30: Hoare triple {277#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {277#true} is VALID [2022-02-20 18:00:24,969 INFO L290 TraceCheckUtils]: 31: Hoare triple {277#true} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,970 INFO L290 TraceCheckUtils]: 32: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,970 INFO L290 TraceCheckUtils]: 33: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,970 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {277#true} {277#true} #837#return; {277#true} is VALID [2022-02-20 18:00:24,970 INFO L290 TraceCheckUtils]: 35: Hoare triple {277#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {277#true} is VALID [2022-02-20 18:00:24,970 INFO L272 TraceCheckUtils]: 36: Hoare triple {277#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {277#true} is VALID [2022-02-20 18:00:24,970 INFO L290 TraceCheckUtils]: 37: Hoare triple {277#true} ~handle := #in~handle;~value := #in~value; {277#true} is VALID [2022-02-20 18:00:24,971 INFO L290 TraceCheckUtils]: 38: Hoare triple {277#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {277#true} is VALID [2022-02-20 18:00:24,971 INFO L290 TraceCheckUtils]: 39: Hoare triple {277#true} assume true; {277#true} is VALID [2022-02-20 18:00:24,971 INFO L284 
TraceCheckUtils]: 40: Hoare quadruple {277#true} {277#true} #839#return; {277#true} is VALID [2022-02-20 18:00:24,971 INFO L290 TraceCheckUtils]: 41: Hoare triple {277#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {277#true} is VALID [2022-02-20 18:00:24,971 INFO L290 TraceCheckUtils]: 42: Hoare triple {277#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {277#true} is VALID [2022-02-20 18:00:24,972 INFO L290 TraceCheckUtils]: 43: Hoare triple {277#true} assume !true; {278#false} is 
VALID [2022-02-20 18:00:24,972 INFO L290 TraceCheckUtils]: 44: Hoare triple {278#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {278#false} is VALID [2022-02-20 18:00:24,972 INFO L272 TraceCheckUtils]: 45: Hoare triple {278#false} call sendEmail(~bob~0, ~rjh~0); {278#false} is VALID [2022-02-20 18:00:24,972 INFO L290 TraceCheckUtils]: 46: Hoare triple {278#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {278#false} is VALID [2022-02-20 18:00:24,972 INFO L272 TraceCheckUtils]: 47: Hoare triple {278#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {278#false} is VALID [2022-02-20 18:00:24,973 INFO L290 TraceCheckUtils]: 48: Hoare triple {278#false} ~handle := #in~handle;~value := #in~value; {278#false} is VALID [2022-02-20 18:00:24,973 INFO L290 TraceCheckUtils]: 49: Hoare triple {278#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {278#false} is VALID [2022-02-20 18:00:24,973 INFO L290 TraceCheckUtils]: 50: Hoare triple {278#false} assume true; {278#false} is VALID [2022-02-20 18:00:24,973 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {278#false} {278#false} #825#return; {278#false} is VALID [2022-02-20 18:00:24,973 
INFO L290 TraceCheckUtils]: 52: Hoare triple {278#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {278#false} is VALID [2022-02-20 18:00:24,973 INFO L290 TraceCheckUtils]: 53: Hoare triple {278#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {278#false} is VALID [2022-02-20 18:00:24,974 INFO L290 TraceCheckUtils]: 54: Hoare triple {278#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {278#false} is VALID [2022-02-20 18:00:24,974 INFO L290 TraceCheckUtils]: 55: Hoare triple {278#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {278#false} is VALID [2022-02-20 18:00:24,974 INFO L272 TraceCheckUtils]: 56: Hoare triple {278#false} call outgoing(~sender#1, ~email~0#1); {278#false} is VALID [2022-02-20 18:00:24,974 INFO L290 TraceCheckUtils]: 57: Hoare triple {278#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {278#false} is VALID [2022-02-20 18:00:24,974 INFO L272 TraceCheckUtils]: 58: Hoare triple {278#false} call #t~ret67#1 := getEmailTo(~msg#1); {278#false} is VALID [2022-02-20 18:00:24,974 INFO L290 TraceCheckUtils]: 59: Hoare triple {278#false} ~handle := #in~handle;havoc ~retValue_acc~30; {278#false} is VALID [2022-02-20 18:00:24,975 INFO L290 TraceCheckUtils]: 60: Hoare triple {278#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {278#false} is VALID [2022-02-20 18:00:24,975 INFO L290 TraceCheckUtils]: 61: Hoare triple 
{278#false} assume true; {278#false} is VALID [2022-02-20 18:00:24,975 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {278#false} {278#false} #787#return; {278#false} is VALID [2022-02-20 18:00:24,975 INFO L290 TraceCheckUtils]: 63: Hoare triple {278#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {278#false} is VALID [2022-02-20 18:00:24,975 INFO L290 TraceCheckUtils]: 64: Hoare triple {278#false} assume 1 == findPublicKey_~handle#1; {278#false} is VALID [2022-02-20 18:00:24,975 INFO L290 TraceCheckUtils]: 65: Hoare triple {278#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {278#false} is VALID [2022-02-20 18:00:24,976 INFO L290 TraceCheckUtils]: 66: Hoare triple {278#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {278#false} is VALID [2022-02-20 18:00:24,976 INFO L290 TraceCheckUtils]: 67: Hoare triple {278#false} assume !(0 != ~pubkey~0#1); {278#false} is VALID [2022-02-20 18:00:24,976 INFO L290 TraceCheckUtils]: 68: Hoare triple {278#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, 
outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {278#false} is VALID [2022-02-20 18:00:24,976 INFO L290 TraceCheckUtils]: 69: Hoare triple {278#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {278#false} is VALID [2022-02-20 18:00:24,976 INFO L290 TraceCheckUtils]: 70: Hoare triple {278#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {278#false} is VALID [2022-02-20 18:00:24,976 INFO L272 TraceCheckUtils]: 71: Hoare triple {278#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {278#false} is VALID [2022-02-20 18:00:24,977 INFO L290 TraceCheckUtils]: 72: Hoare triple {278#false} ~handle := #in~handle;~value := #in~value; {278#false} is VALID [2022-02-20 18:00:24,977 INFO L290 TraceCheckUtils]: 73: Hoare triple {278#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {278#false} is VALID [2022-02-20 18:00:24,977 INFO L290 TraceCheckUtils]: 74: Hoare triple {278#false} assume true; {278#false} is VALID [2022-02-20 18:00:24,977 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {278#false} {278#false} #793#return; {278#false} is VALID [2022-02-20 18:00:24,977 INFO L290 
TraceCheckUtils]: 76: Hoare triple {278#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {278#false} is VALID [2022-02-20 18:00:24,977 INFO L272 TraceCheckUtils]: 77: Hoare triple {278#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {278#false} is VALID [2022-02-20 18:00:24,977 INFO L290 TraceCheckUtils]: 78: Hoare triple {278#false} ~handle := #in~handle;havoc ~retValue_acc~33; {278#false} is VALID [2022-02-20 18:00:24,978 INFO L290 TraceCheckUtils]: 79: Hoare triple {278#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {278#false} is VALID [2022-02-20 18:00:24,978 INFO L290 
TraceCheckUtils]: 80: Hoare triple {278#false} assume true; {278#false} is VALID [2022-02-20 18:00:24,978 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {278#false} {278#false} #795#return; {278#false} is VALID [2022-02-20 18:00:24,978 INFO L290 TraceCheckUtils]: 82: Hoare triple {278#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {278#false} is VALID [2022-02-20 18:00:24,978 INFO L290 TraceCheckUtils]: 83: Hoare triple {278#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {278#false} is VALID [2022-02-20 18:00:24,978 INFO L272 TraceCheckUtils]: 84: Hoare triple {278#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {278#false} is VALID [2022-02-20 18:00:24,979 INFO L290 TraceCheckUtils]: 85: Hoare triple {278#false} ~handle := #in~handle;havoc ~retValue_acc~30; {278#false} is VALID [2022-02-20 18:00:24,979 INFO L290 TraceCheckUtils]: 86: Hoare triple {278#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {278#false} is VALID [2022-02-20 18:00:24,979 INFO L290 TraceCheckUtils]: 87: Hoare triple {278#false} assume true; {278#false} is VALID [2022-02-20 18:00:24,979 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {278#false} {278#false} #797#return; {278#false} is VALID [2022-02-20 18:00:24,979 INFO L290 TraceCheckUtils]: 89: Hoare triple {278#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { 
:begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {278#false} is VALID [2022-02-20 18:00:24,979 INFO L290 TraceCheckUtils]: 90: Hoare triple {278#false} assume 1 == ~sent_encrypted~0; {278#false} is VALID [2022-02-20 18:00:24,980 INFO L272 TraceCheckUtils]: 91: Hoare triple {278#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {278#false} is VALID [2022-02-20 18:00:24,980 INFO L290 TraceCheckUtils]: 92: Hoare triple {278#false} ~handle := #in~handle;havoc ~retValue_acc~19; {278#false} is VALID [2022-02-20 18:00:24,980 INFO L290 TraceCheckUtils]: 93: Hoare triple {278#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {278#false} is VALID [2022-02-20 18:00:24,980 INFO L290 TraceCheckUtils]: 94: Hoare triple {278#false} assume true; {278#false} is VALID [2022-02-20 18:00:24,980 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {278#false} {278#false} #799#return; {278#false} is VALID [2022-02-20 18:00:24,980 INFO L290 TraceCheckUtils]: 96: Hoare triple {278#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {278#false} is VALID [2022-02-20 18:00:24,981 INFO L272 TraceCheckUtils]: 97: Hoare triple {278#false} call 
__utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {278#false} is VALID [2022-02-20 18:00:24,981 INFO L290 TraceCheckUtils]: 98: Hoare triple {278#false} ~handle := #in~handle;havoc ~retValue_acc~34; {278#false} is VALID [2022-02-20 18:00:24,981 INFO L290 TraceCheckUtils]: 99: Hoare triple {278#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {278#false} is VALID [2022-02-20 18:00:24,981 INFO L290 TraceCheckUtils]: 100: Hoare triple {278#false} assume true; {278#false} is VALID [2022-02-20 18:00:24,981 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {278#false} {278#false} #801#return; {278#false} is VALID [2022-02-20 18:00:24,981 INFO L290 TraceCheckUtils]: 102: Hoare triple {278#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {278#false} is VALID [2022-02-20 18:00:24,982 INFO L272 TraceCheckUtils]: 103: Hoare triple {278#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {278#false} is VALID [2022-02-20 18:00:24,982 INFO L290 TraceCheckUtils]: 104: Hoare triple {278#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {278#false} is VALID [2022-02-20 18:00:24,982 INFO L290 TraceCheckUtils]: 105: Hoare triple {278#false} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {278#false} is VALID [2022-02-20 18:00:24,982 INFO L290 TraceCheckUtils]: 106: Hoare triple {278#false} assume true; {278#false} is VALID [2022-02-20 
18:00:24,982 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {278#false} {278#false} #803#return; {278#false} is VALID [2022-02-20 18:00:24,982 INFO L290 TraceCheckUtils]: 108: Hoare triple {278#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {278#false} is VALID [2022-02-20 18:00:24,983 INFO L290 TraceCheckUtils]: 109: Hoare triple {278#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {278#false} is VALID [2022-02-20 18:00:24,983 INFO L290 TraceCheckUtils]: 110: Hoare triple {278#false} assume !false; {278#false} is VALID [2022-02-20 18:00:24,983 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 18:00:24,983 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:24,984 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [554480395] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:24,984 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:00:24,984 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [8] total 8 [2022-02-20 18:00:24,985 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1709303547] [2022-02-20 18:00:24,986 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:24,989 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 31.5) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 111 [2022-02-20 18:00:24,991 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:24,993 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 31.5) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:25,062 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:25,063 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:00:25,063 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:25,075 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:00:25,076 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:00:25,079 INFO L87 Difference]: Start difference. 
First operand has 274 states, 212 states have (on average 1.5377358490566038) internal successors, (326), 216 states have internal predecessors, (326), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (43), 43 states have call predecessors, (43), 43 states have call successors, (43) Second operand has 2 states, 2 states have (on average 31.5) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:25,296 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:25,296 INFO L93 Difference]: Finished difference Result 399 states and 586 transitions. [2022-02-20 18:00:25,297 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:00:25,297 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 31.5) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 111 [2022-02-20 18:00:25,297 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:25,298 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 31.5) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:25,310 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 2 states to 2 states and 586 transitions. [2022-02-20 18:00:25,311 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 31.5) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:25,323 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 586 transitions. [2022-02-20 18:00:25,323 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 586 transitions. [2022-02-20 18:00:25,732 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 586 edges. 586 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:25,756 INFO L225 Difference]: With dead ends: 399 [2022-02-20 18:00:25,757 INFO L226 Difference]: Without dead ends: 267 [2022-02-20 18:00:25,762 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 142 GetRequests, 136 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:00:25,766 INFO L933 BasicCegarLoop]: 408 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 408 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:00:25,767 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 408 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:00:25,780 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 267 states. [2022-02-20 18:00:25,811 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 267 to 267. [2022-02-20 18:00:25,811 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:25,813 INFO L82 GeneralOperation]: Start isEquivalent. First operand 267 states. Second operand has 267 states, 206 states have (on average 1.529126213592233) internal successors, (315), 209 states have internal predecessors, (315), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) [2022-02-20 18:00:25,814 INFO L74 IsIncluded]: Start isIncluded. First operand 267 states. Second operand has 267 states, 206 states have (on average 1.529126213592233) internal successors, (315), 209 states have internal predecessors, (315), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) [2022-02-20 18:00:25,815 INFO L87 Difference]: Start difference. First operand 267 states. Second operand has 267 states, 206 states have (on average 1.529126213592233) internal successors, (315), 209 states have internal predecessors, (315), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) [2022-02-20 18:00:25,827 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:00:25,827 INFO L93 Difference]: Finished difference Result 267 states and 400 transitions. [2022-02-20 18:00:25,827 INFO L276 IsEmpty]: Start isEmpty. Operand 267 states and 400 transitions. [2022-02-20 18:00:25,829 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:25,829 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:25,830 INFO L74 IsIncluded]: Start isIncluded. First operand has 267 states, 206 states have (on average 1.529126213592233) internal successors, (315), 209 states have internal predecessors, (315), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) Second operand 267 states. [2022-02-20 18:00:25,831 INFO L87 Difference]: Start difference. First operand has 267 states, 206 states have (on average 1.529126213592233) internal successors, (315), 209 states have internal predecessors, (315), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) Second operand 267 states. [2022-02-20 18:00:25,841 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:25,841 INFO L93 Difference]: Finished difference Result 267 states and 400 transitions. [2022-02-20 18:00:25,841 INFO L276 IsEmpty]: Start isEmpty. Operand 267 states and 400 transitions. [2022-02-20 18:00:25,842 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:25,842 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:25,842 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:25,842 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:25,843 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 267 states, 206 states have (on average 1.529126213592233) internal successors, (315), 209 states have internal predecessors, (315), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) [2022-02-20 18:00:25,853 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 267 states to 267 states and 400 transitions. [2022-02-20 18:00:25,854 INFO L78 Accepts]: Start accepts. Automaton has 267 states and 400 transitions. Word has length 111 [2022-02-20 18:00:25,854 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:25,854 INFO L470 AbstractCegarLoop]: Abstraction has 267 states and 400 transitions. [2022-02-20 18:00:25,855 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 31.5) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:25,855 INFO L276 IsEmpty]: Start isEmpty. Operand 267 states and 400 transitions. [2022-02-20 18:00:25,856 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 113 [2022-02-20 18:00:25,856 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:25,857 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:25,888 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:00:26,072 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:00:26,072 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:26,073 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:26,073 INFO L85 PathProgramCache]: Analyzing trace with hash -347138604, now seen corresponding path program 1 times [2022-02-20 18:00:26,073 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:26,073 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1174964549] [2022-02-20 18:00:26,073 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:26,073 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:26,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 
[2022-02-20 18:00:26,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {2193#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,236 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2134#true} #829#return; {2134#true} is VALID [2022-02-20 18:00:26,241 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:26,243 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {2194#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,260 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,260 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2134#true} #831#return; {2134#true} is VALID [2022-02-20 18:00:26,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:26,262 INFO L136 AnnotateAndAsserter]: Conjunction of SSA 
is unsat [2022-02-20 18:00:26,283 INFO L290 TraceCheckUtils]: 0: Hoare triple {2193#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2195#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:26,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {2195#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2196#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:26,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {2196#(= |setClientId_#in~handle| 1)} assume true; {2196#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:26,285 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2196#(= |setClientId_#in~handle| 1)} {2144#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #833#return; {2135#false} is VALID [2022-02-20 18:00:26,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:00:26,287 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,289 INFO L290 TraceCheckUtils]: 0: Hoare triple {2194#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,289 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #835#return; {2135#false} is VALID [2022-02-20 18:00:26,289 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:00:26,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {2193#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,293 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,293 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #837#return; {2135#false} is VALID [2022-02-20 18:00:26,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:00:26,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {2194#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,308 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #839#return; {2135#false} is VALID [2022-02-20 18:00:26,322 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 48 [2022-02-20 18:00:26,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {2197#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,325 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #825#return; {2135#false} is VALID [2022-02-20 18:00:26,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:00:26,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,328 INFO L290 TraceCheckUtils]: 0: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~30; {2134#true} is VALID [2022-02-20 18:00:26,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {2134#true} is VALID [2022-02-20 18:00:26,328 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,328 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #787#return; {2135#false} is VALID [2022-02-20 18:00:26,328 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:00:26,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,330 INFO L290 TraceCheckUtils]: 0: Hoare triple {2197#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := 
#in~value; {2134#true} is VALID [2022-02-20 18:00:26,330 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,330 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,330 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #793#return; {2135#false} is VALID [2022-02-20 18:00:26,330 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:00:26,331 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~33; {2134#true} is VALID [2022-02-20 18:00:26,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {2134#true} is VALID [2022-02-20 18:00:26,344 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,344 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #795#return; {2135#false} is VALID [2022-02-20 18:00:26,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:00:26,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,347 INFO L290 TraceCheckUtils]: 0: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~30; {2134#true} is VALID [2022-02-20 18:00:26,348 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {2134#true} is VALID [2022-02-20 18:00:26,348 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,348 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} 
#797#return; {2135#false} is VALID [2022-02-20 18:00:26,348 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:00:26,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~19; {2134#true} is VALID [2022-02-20 18:00:26,350 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {2134#true} is VALID [2022-02-20 18:00:26,350 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,350 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #799#return; {2135#false} is VALID [2022-02-20 18:00:26,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:00:26,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~34; {2134#true} is VALID [2022-02-20 18:00:26,352 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {2134#true} is VALID [2022-02-20 18:00:26,352 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,352 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #801#return; {2135#false} is VALID [2022-02-20 18:00:26,353 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:00:26,353 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,368 INFO L290 TraceCheckUtils]: 0: Hoare triple {2134#true} ~publicKey := #in~publicKey;~privateKey := 
#in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {2134#true} is VALID [2022-02-20 18:00:26,368 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {2134#true} is VALID [2022-02-20 18:00:26,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,368 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2134#true} {2135#false} #803#return; {2135#false} is VALID [2022-02-20 18:00:26,368 INFO L290 TraceCheckUtils]: 0: Hoare triple {2134#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call 
write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 
:= 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 
0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {2134#true} is VALID [2022-02-20 18:00:26,369 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {2134#true} is VALID [2022-02-20 18:00:26,369 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2134#true} is VALID [2022-02-20 18:00:26,369 INFO L290 TraceCheckUtils]: 3: Hoare triple {2134#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {2134#true} is VALID [2022-02-20 18:00:26,369 INFO L290 TraceCheckUtils]: 4: Hoare triple {2134#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {2134#true} is VALID [2022-02-20 18:00:26,369 INFO L290 TraceCheckUtils]: 5: Hoare triple {2134#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2134#true} is VALID [2022-02-20 18:00:26,369 INFO L272 TraceCheckUtils]: 6: Hoare triple {2134#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2193#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:26,370 INFO L290 TraceCheckUtils]: 7: Hoare triple {2193#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,370 INFO L290 TraceCheckUtils]: 8: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,370 INFO L290 TraceCheckUtils]: 9: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,370 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2134#true} {2134#true} #829#return; {2134#true} is VALID [2022-02-20 18:00:26,370 INFO L290 TraceCheckUtils]: 11: Hoare triple {2134#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2134#true} is VALID [2022-02-20 18:00:26,370 INFO L272 TraceCheckUtils]: 12: Hoare triple {2134#true} call setClientPrivateKey(setup_bob_~bob___0#1, 
123); {2194#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:26,370 INFO L290 TraceCheckUtils]: 13: Hoare triple {2194#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,371 INFO L290 TraceCheckUtils]: 14: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,371 INFO L290 TraceCheckUtils]: 15: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,371 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2134#true} {2134#true} #831#return; {2134#true} is VALID [2022-02-20 18:00:26,371 INFO L290 TraceCheckUtils]: 17: Hoare triple {2134#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2144#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:00:26,372 INFO L272 TraceCheckUtils]: 18: Hoare triple {2144#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2193#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:26,372 INFO L290 TraceCheckUtils]: 19: Hoare triple {2193#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2195#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:26,372 INFO L290 TraceCheckUtils]: 20: Hoare triple {2195#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2196#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:26,373 INFO L290 TraceCheckUtils]: 21: Hoare triple {2196#(= |setClientId_#in~handle| 1)} assume true; {2196#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:26,373 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2196#(= |setClientId_#in~handle| 1)} {2144#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #833#return; {2135#false} is VALID [2022-02-20 18:00:26,373 INFO L290 TraceCheckUtils]: 23: Hoare triple {2135#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2135#false} is VALID [2022-02-20 18:00:26,373 INFO L272 TraceCheckUtils]: 24: Hoare triple {2135#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2194#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:26,373 INFO L290 TraceCheckUtils]: 25: Hoare triple {2194#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2134#true} is 
VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 26: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 27: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,374 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2134#true} {2135#false} #835#return; {2135#false} is VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 29: Hoare triple {2135#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2135#false} is VALID [2022-02-20 18:00:26,374 INFO L272 TraceCheckUtils]: 30: Hoare triple {2135#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2193#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 31: Hoare triple {2193#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 32: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2134#true} is VALID 
[2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 33: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,374 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2134#true} {2135#false} #837#return; {2135#false} is VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 35: Hoare triple {2135#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2135#false} is VALID [2022-02-20 18:00:26,374 INFO L272 TraceCheckUtils]: 36: Hoare triple {2135#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2194#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 37: Hoare triple {2194#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 38: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 39: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,374 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2134#true} {2135#false} #839#return; {2135#false} is VALID [2022-02-20 18:00:26,374 INFO L290 TraceCheckUtils]: 41: Hoare triple {2135#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 42: Hoare triple {2135#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, 
test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 43: Hoare triple {2135#false} assume !false; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 44: Hoare triple {2135#false} assume !(test_~splverifierCounter~0#1 < 4); {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 45: Hoare triple {2135#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 
:= puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L272 TraceCheckUtils]: 46: Hoare triple {2135#false} call sendEmail(~bob~0, ~rjh~0); {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 47: Hoare triple {2135#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L272 TraceCheckUtils]: 48: Hoare triple {2135#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2197#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 49: Hoare triple {2197#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 50: Hoare triple {2134#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 51: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,375 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2134#true} {2135#false} #825#return; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 53: Hoare triple {2135#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := 
createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 54: Hoare triple {2135#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 55: Hoare triple {2135#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L290 TraceCheckUtils]: 56: Hoare triple {2135#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {2135#false} is VALID [2022-02-20 18:00:26,375 INFO L272 TraceCheckUtils]: 57: Hoare triple {2135#false} call outgoing(~sender#1, ~email~0#1); {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 58: Hoare triple {2135#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L272 TraceCheckUtils]: 59: Hoare triple {2135#false} call #t~ret67#1 := getEmailTo(~msg#1); {2134#true} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 60: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~30; {2134#true} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 61: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {2134#true} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 62: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,376 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {2134#true} 
{2135#false} #787#return; {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 64: Hoare triple {2135#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 65: Hoare triple {2135#false} assume 1 == findPublicKey_~handle#1; {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 66: Hoare triple {2135#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 67: Hoare triple {2135#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 68: Hoare triple {2135#false} assume !(0 != ~pubkey~0#1); {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 69: Hoare triple {2135#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 70: Hoare triple {2135#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 71: Hoare triple {2135#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {2135#false} is VALID [2022-02-20 18:00:26,376 INFO L272 TraceCheckUtils]: 72: Hoare triple {2135#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {2197#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 73: Hoare triple {2197#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 74: Hoare triple {2134#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,376 INFO L290 TraceCheckUtils]: 75: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,377 INFO L284 TraceCheckUtils]: 
76: Hoare quadruple {2134#true} {2135#false} #793#return; {2135#false} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 77: Hoare triple {2135#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {2135#false} is VALID [2022-02-20 18:00:26,377 INFO L272 TraceCheckUtils]: 78: Hoare triple {2135#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {2134#true} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 79: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~33; {2134#true} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 80: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~33 := 
~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {2134#true} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 81: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,377 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {2134#true} {2135#false} #795#return; {2135#false} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 83: Hoare triple {2135#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {2135#false} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 84: Hoare triple {2135#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {2135#false} is VALID [2022-02-20 18:00:26,377 INFO L272 TraceCheckUtils]: 85: Hoare triple {2135#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {2134#true} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 86: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~30; {2134#true} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 87: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {2134#true} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 88: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,377 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {2134#true} {2135#false} #797#return; {2135#false} is VALID [2022-02-20 18:00:26,377 INFO L290 TraceCheckUtils]: 90: Hoare triple {2135#false} assume -2147483648 
<= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {2135#false} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 91: Hoare triple {2135#false} assume 1 == ~sent_encrypted~0; {2135#false} is VALID [2022-02-20 18:00:26,378 INFO L272 TraceCheckUtils]: 92: Hoare triple {2135#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {2134#true} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 93: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~19; {2134#true} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 94: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {2134#true} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 95: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,378 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {2134#true} {2135#false} #799#return; {2135#false} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 97: Hoare triple {2135#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; 
{2135#false} is VALID [2022-02-20 18:00:26,378 INFO L272 TraceCheckUtils]: 98: Hoare triple {2135#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {2134#true} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 99: Hoare triple {2134#true} ~handle := #in~handle;havoc ~retValue_acc~34; {2134#true} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 100: Hoare triple {2134#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {2134#true} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 101: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,378 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {2134#true} {2135#false} #801#return; {2135#false} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 103: Hoare triple {2135#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {2135#false} is VALID [2022-02-20 18:00:26,378 INFO L272 TraceCheckUtils]: 104: Hoare triple {2135#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {2134#true} is VALID [2022-02-20 18:00:26,378 INFO L290 TraceCheckUtils]: 105: Hoare triple {2134#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {2134#true} is VALID [2022-02-20 18:00:26,379 INFO L290 TraceCheckUtils]: 106: Hoare triple {2134#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {2134#true} is VALID [2022-02-20 
18:00:26,379 INFO L290 TraceCheckUtils]: 107: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,379 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {2134#true} {2135#false} #803#return; {2135#false} is VALID [2022-02-20 18:00:26,379 INFO L290 TraceCheckUtils]: 109: Hoare triple {2135#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {2135#false} is VALID [2022-02-20 18:00:26,379 INFO L290 TraceCheckUtils]: 110: Hoare triple {2135#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {2135#false} is VALID [2022-02-20 18:00:26,379 INFO L290 TraceCheckUtils]: 111: Hoare triple {2135#false} assume !false; {2135#false} is VALID [2022-02-20 18:00:26,379 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. 
[2022-02-20 18:00:26,379 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:26,379 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1174964549] [2022-02-20 18:00:26,380 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1174964549] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:26,380 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2146691624] [2022-02-20 18:00:26,380 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:26,380 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:26,380 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:26,383 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:26,396 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:00:26,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,585 INFO L263 TraceCheckSpWp]: Trace formula consists of 1026 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:00:26,661 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:26,663 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:00:26,938 INFO L290 TraceCheckUtils]: 0: Hoare triple {2134#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 1: Hoare triple {2134#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc 
main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 2: Hoare triple {2134#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 3: Hoare triple {2134#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 4: Hoare triple {2134#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 5: Hoare triple {2134#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO 
L272 TraceCheckUtils]: 6: Hoare triple {2134#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 7: Hoare triple {2134#true} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 8: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 9: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2134#true} {2134#true} #829#return; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 11: Hoare triple {2134#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L272 TraceCheckUtils]: 12: Hoare triple {2134#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2134#true} is VALID [2022-02-20 18:00:26,939 INFO L290 TraceCheckUtils]: 13: Hoare triple {2134#true} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 14: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 15: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2134#true} {2134#true} #831#return; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 17: Hoare triple {2134#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L272 TraceCheckUtils]: 18: Hoare triple {2134#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 19: Hoare triple {2134#true} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 20: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 21: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2134#true} {2134#true} #833#return; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 23: Hoare triple {2134#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L272 TraceCheckUtils]: 24: Hoare triple {2134#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 25: Hoare triple {2134#true} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 26: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,940 INFO L290 TraceCheckUtils]: 27: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2134#true} {2134#true} #835#return; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L290 TraceCheckUtils]: 29: Hoare triple {2134#true} assume { :end_inline_setup_rjh } 
true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L272 TraceCheckUtils]: 30: Hoare triple {2134#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L290 TraceCheckUtils]: 31: Hoare triple {2134#true} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L290 TraceCheckUtils]: 32: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L290 TraceCheckUtils]: 33: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2134#true} {2134#true} #837#return; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L290 TraceCheckUtils]: 35: Hoare triple {2134#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L272 TraceCheckUtils]: 36: Hoare triple {2134#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L290 TraceCheckUtils]: 37: Hoare triple {2134#true} ~handle := #in~handle;~value := #in~value; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L290 TraceCheckUtils]: 38: Hoare triple {2134#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L290 TraceCheckUtils]: 
39: Hoare triple {2134#true} assume true; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2134#true} {2134#true} #839#return; {2134#true} is VALID [2022-02-20 18:00:26,941 INFO L290 TraceCheckUtils]: 41: Hoare triple {2134#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {2134#true} is VALID [2022-02-20 18:00:26,949 INFO L290 TraceCheckUtils]: 42: Hoare triple {2134#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2327#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:26,949 INFO L290 TraceCheckUtils]: 43: Hoare triple {2327#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2327#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:26,950 INFO L290 TraceCheckUtils]: 44: Hoare triple {2327#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L290 TraceCheckUtils]: 45: Hoare triple {2135#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L272 TraceCheckUtils]: 46: Hoare triple {2135#false} call sendEmail(~bob~0, ~rjh~0); {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L290 TraceCheckUtils]: 47: Hoare triple {2135#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L272 TraceCheckUtils]: 48: Hoare triple {2135#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L290 TraceCheckUtils]: 49: Hoare triple {2135#false} ~handle := 
#in~handle;~value := #in~value; {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L290 TraceCheckUtils]: 50: Hoare triple {2135#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L290 TraceCheckUtils]: 51: Hoare triple {2135#false} assume true; {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2135#false} {2135#false} #825#return; {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L290 TraceCheckUtils]: 53: Hoare triple {2135#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {2135#false} is VALID [2022-02-20 18:00:26,950 INFO L290 TraceCheckUtils]: 54: Hoare triple {2135#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 55: Hoare triple {2135#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 56: Hoare triple {2135#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L272 TraceCheckUtils]: 57: Hoare triple {2135#false} call outgoing(~sender#1, ~email~0#1); {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 58: Hoare triple {2135#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L272 
TraceCheckUtils]: 59: Hoare triple {2135#false} call #t~ret67#1 := getEmailTo(~msg#1); {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 60: Hoare triple {2135#false} ~handle := #in~handle;havoc ~retValue_acc~30; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 61: Hoare triple {2135#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 62: Hoare triple {2135#false} assume true; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {2135#false} {2135#false} #787#return; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 64: Hoare triple {2135#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 65: Hoare triple {2135#false} assume 1 == findPublicKey_~handle#1; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 66: Hoare triple {2135#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 67: Hoare triple {2135#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 
2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 68: Hoare triple {2135#false} assume !(0 != ~pubkey~0#1); {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 69: Hoare triple {2135#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {2135#false} is VALID [2022-02-20 18:00:26,951 INFO L290 TraceCheckUtils]: 70: Hoare triple {2135#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 71: Hoare triple {2135#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L272 TraceCheckUtils]: 72: Hoare triple {2135#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 
TraceCheckUtils]: 73: Hoare triple {2135#false} ~handle := #in~handle;~value := #in~value; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 74: Hoare triple {2135#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 75: Hoare triple {2135#false} assume true; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {2135#false} {2135#false} #793#return; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 77: Hoare triple {2135#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L272 
TraceCheckUtils]: 78: Hoare triple {2135#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 79: Hoare triple {2135#false} ~handle := #in~handle;havoc ~retValue_acc~33; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 80: Hoare triple {2135#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 81: Hoare triple {2135#false} assume true; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {2135#false} {2135#false} #795#return; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 83: Hoare triple {2135#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 84: Hoare triple {2135#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L272 TraceCheckUtils]: 85: Hoare triple {2135#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 86: Hoare triple {2135#false} ~handle := #in~handle;havoc ~retValue_acc~30; {2135#false} is VALID [2022-02-20 18:00:26,952 INFO L290 TraceCheckUtils]: 87: Hoare triple 
{2135#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 88: Hoare triple {2135#false} assume true; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {2135#false} {2135#false} #797#return; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 90: Hoare triple {2135#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, 
__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 91: Hoare triple {2135#false} assume 1 == ~sent_encrypted~0; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L272 TraceCheckUtils]: 92: Hoare triple {2135#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 93: Hoare triple {2135#false} ~handle := #in~handle;havoc ~retValue_acc~19; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 94: Hoare triple {2135#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 95: Hoare triple {2135#false} assume true; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L284 
TraceCheckUtils]: 96: Hoare quadruple {2135#false} {2135#false} #799#return; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 97: Hoare triple {2135#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L272 TraceCheckUtils]: 98: Hoare triple {2135#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 99: Hoare triple {2135#false} ~handle := #in~handle;havoc ~retValue_acc~34; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 100: Hoare triple {2135#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 101: Hoare triple {2135#false} assume true; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {2135#false} {2135#false} #801#return; {2135#false} is VALID [2022-02-20 18:00:26,953 INFO L290 TraceCheckUtils]: 103: Hoare triple {2135#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {2135#false} is VALID [2022-02-20 18:00:26,954 INFO L272 TraceCheckUtils]: 104: Hoare triple {2135#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {2135#false} is VALID [2022-02-20 18:00:26,954 
INFO L290 TraceCheckUtils]: 105: Hoare triple {2135#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {2135#false} is VALID [2022-02-20 18:00:26,954 INFO L290 TraceCheckUtils]: 106: Hoare triple {2135#false} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {2135#false} is VALID [2022-02-20 18:00:26,954 INFO L290 TraceCheckUtils]: 107: Hoare triple {2135#false} assume true; {2135#false} is VALID [2022-02-20 18:00:26,954 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {2135#false} {2135#false} #803#return; {2135#false} is VALID [2022-02-20 18:00:26,954 INFO L290 TraceCheckUtils]: 109: Hoare triple {2135#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {2135#false} is VALID [2022-02-20 18:00:26,954 INFO L290 TraceCheckUtils]: 110: Hoare triple {2135#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {2135#false} is VALID [2022-02-20 18:00:26,954 INFO L290 TraceCheckUtils]: 111: Hoare triple {2135#false} assume !false; {2135#false} is VALID [2022-02-20 18:00:26,954 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. 
[2022-02-20 18:00:26,954 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:26,954 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2146691624] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:26,954 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:00:26,955 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 18:00:26,955 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1991881019] [2022-02-20 18:00:26,955 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:26,956 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 112 [2022-02-20 18:00:26,956 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:26,956 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:27,036 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 94 edges. 94 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:27,036 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:00:27,036 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:27,036 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:00:27,036 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:00:27,037 INFO L87 Difference]: Start difference. First operand 267 states and 400 transitions. Second operand has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:27,336 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:27,336 INFO L93 Difference]: Finished difference Result 389 states and 567 transitions. [2022-02-20 18:00:27,337 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:00:27,337 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 112 [2022-02-20 18:00:27,337 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:27,337 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:27,354 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 567 transitions. [2022-02-20 18:00:27,354 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:27,360 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 567 transitions. [2022-02-20 18:00:27,360 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 567 transitions. [2022-02-20 18:00:27,733 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 567 edges. 567 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:27,739 INFO L225 Difference]: With dead ends: 389 [2022-02-20 18:00:27,739 INFO L226 Difference]: Without dead ends: 270 [2022-02-20 18:00:27,740 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 143 GetRequests, 136 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:00:27,740 INFO L933 BasicCegarLoop]: 398 mSDtfsCounter, 1 mSDsluCounter, 396 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 794 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:27,741 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 794 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:00:27,741 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 270 states. [2022-02-20 18:00:27,768 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 270 to 269. [2022-02-20 18:00:27,769 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:27,769 INFO L82 GeneralOperation]: Start isEquivalent. First operand 270 states. 
Second operand has 269 states, 208 states have (on average 1.5240384615384615) internal successors, (317), 211 states have internal predecessors, (317), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) [2022-02-20 18:00:27,770 INFO L74 IsIncluded]: Start isIncluded. First operand 270 states. Second operand has 269 states, 208 states have (on average 1.5240384615384615) internal successors, (317), 211 states have internal predecessors, (317), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) [2022-02-20 18:00:27,771 INFO L87 Difference]: Start difference. First operand 270 states. Second operand has 269 states, 208 states have (on average 1.5240384615384615) internal successors, (317), 211 states have internal predecessors, (317), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) [2022-02-20 18:00:27,780 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:27,780 INFO L93 Difference]: Finished difference Result 270 states and 403 transitions. [2022-02-20 18:00:27,781 INFO L276 IsEmpty]: Start isEmpty. Operand 270 states and 403 transitions. [2022-02-20 18:00:27,781 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:27,782 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:27,782 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 269 states, 208 states have (on average 1.5240384615384615) internal successors, (317), 211 states have internal predecessors, (317), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) Second operand 270 states. [2022-02-20 18:00:27,783 INFO L87 Difference]: Start difference. First operand has 269 states, 208 states have (on average 1.5240384615384615) internal successors, (317), 211 states have internal predecessors, (317), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) Second operand 270 states. [2022-02-20 18:00:27,791 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:27,791 INFO L93 Difference]: Finished difference Result 270 states and 403 transitions. [2022-02-20 18:00:27,791 INFO L276 IsEmpty]: Start isEmpty. Operand 270 states and 403 transitions. [2022-02-20 18:00:27,792 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:27,792 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:27,792 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:27,792 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:27,793 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 269 states, 208 states have (on average 1.5240384615384615) internal successors, (317), 211 states have internal predecessors, (317), 43 states have call successors, (43), 17 states have call predecessors, (43), 17 states have return successors, (42), 42 states have call predecessors, (42), 42 states have call successors, (42) [2022-02-20 18:00:27,801 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 269 states to 269 states and 402 transitions. [2022-02-20 18:00:27,802 INFO L78 Accepts]: Start accepts. Automaton has 269 states and 402 transitions. Word has length 112 [2022-02-20 18:00:27,802 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:27,802 INFO L470 AbstractCegarLoop]: Abstraction has 269 states and 402 transitions. [2022-02-20 18:00:27,802 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:27,802 INFO L276 IsEmpty]: Start isEmpty. Operand 269 states and 402 transitions. [2022-02-20 18:00:27,804 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 119 [2022-02-20 18:00:27,804 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:27,804 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:27,824 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-02-20 18:00:28,020 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:00:28,021 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:28,021 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:28,021 INFO L85 PathProgramCache]: Analyzing trace with hash -1661890211, now seen corresponding path program 1 times [2022-02-20 18:00:28,021 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:28,021 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [522757492] [2022-02-20 18:00:28,021 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:28,022 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:28,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,071 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:28,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,075 INFO L290 TraceCheckUtils]: 0: Hoare triple {4047#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,075 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,075 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,075 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3988#true} #829#return; {3988#true} is VALID [2022-02-20 18:00:28,080 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:28,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:00:28,083 INFO L290 TraceCheckUtils]: 0: Hoare triple {4048#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,083 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,083 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,083 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3988#true} #831#return; {3988#true} is VALID [2022-02-20 18:00:28,084 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:28,085 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {4047#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4049#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:28,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {4049#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4050#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:28,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {4050#(= |setClientId_#in~handle| 1)} assume true; {4050#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:28,102 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4050#(= |setClientId_#in~handle| 1)} {3998#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #833#return; {3989#false} is VALID [2022-02-20 18:00:28,103 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:00:28,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {4048#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,107 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,107 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #835#return; {3989#false} is VALID [2022-02-20 18:00:28,107 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:00:28,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,111 INFO L290 TraceCheckUtils]: 0: Hoare triple {4047#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,111 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,111 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,111 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #837#return; {3989#false} is VALID [2022-02-20 18:00:28,111 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 18:00:28,112 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {4048#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,114 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,114 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,115 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #839#return; {3989#false} is VALID [2022-02-20 18:00:28,120 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 18:00:28,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,123 INFO L290 TraceCheckUtils]: 0: Hoare triple {4051#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,123 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,123 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,123 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #825#return; {3989#false} is VALID [2022-02-20 18:00:28,124 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:00:28,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,126 INFO L290 TraceCheckUtils]: 
0: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~30; {3988#true} is VALID [2022-02-20 18:00:28,126 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {3988#true} is VALID [2022-02-20 18:00:28,126 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,126 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #787#return; {3989#false} is VALID [2022-02-20 18:00:28,126 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:00:28,127 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,129 INFO L290 TraceCheckUtils]: 0: Hoare triple {4051#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,129 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,129 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,130 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #793#return; {3989#false} is VALID [2022-02-20 18:00:28,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:00:28,130 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,132 INFO L290 TraceCheckUtils]: 0: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~33; {3988#true} is VALID [2022-02-20 18:00:28,132 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {3988#true} is VALID [2022-02-20 18:00:28,132 INFO L290 
TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,132 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #795#return; {3989#false} is VALID [2022-02-20 18:00:28,132 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:00:28,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~30; {3988#true} is VALID [2022-02-20 18:00:28,135 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {3988#true} is VALID [2022-02-20 18:00:28,135 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,135 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #797#return; {3989#false} is VALID [2022-02-20 18:00:28,135 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:00:28,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,137 INFO L290 TraceCheckUtils]: 0: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~19; {3988#true} is VALID [2022-02-20 18:00:28,137 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {3988#true} is VALID [2022-02-20 18:00:28,137 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,137 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #799#return; {3989#false} is VALID [2022-02-20 18:00:28,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:00:28,138 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:00:28,140 INFO L290 TraceCheckUtils]: 0: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~34; {3988#true} is VALID [2022-02-20 18:00:28,141 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {3988#true} is VALID [2022-02-20 18:00:28,141 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,141 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #801#return; {3989#false} is VALID [2022-02-20 18:00:28,141 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:00:28,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {3988#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {3988#true} is VALID [2022-02-20 18:00:28,147 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {3988#true} is VALID [2022-02-20 18:00:28,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,147 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3988#true} {3989#false} #803#return; {3989#false} is VALID [2022-02-20 18:00:28,147 INFO L290 TraceCheckUtils]: 0: Hoare triple {3988#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call 
#Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 
0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {3988#true} is VALID [2022-02-20 18:00:28,147 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {3988#true} is VALID [2022-02-20 18:00:28,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3988#true} is VALID [2022-02-20 18:00:28,147 INFO L290 TraceCheckUtils]: 3: Hoare triple {3988#true} assume { :end_inline_select_features } true;assume { 
:begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {3988#true} is VALID [2022-02-20 18:00:28,147 INFO L290 TraceCheckUtils]: 4: Hoare triple {3988#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {3988#true} is VALID [2022-02-20 18:00:28,148 INFO L290 TraceCheckUtils]: 5: Hoare triple {3988#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3988#true} is VALID [2022-02-20 18:00:28,148 INFO L272 TraceCheckUtils]: 6: Hoare triple {3988#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4047#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:28,148 INFO L290 
TraceCheckUtils]: 7: Hoare triple {4047#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,149 INFO L290 TraceCheckUtils]: 8: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,149 INFO L290 TraceCheckUtils]: 9: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,149 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3988#true} {3988#true} #829#return; {3988#true} is VALID [2022-02-20 18:00:28,149 INFO L290 TraceCheckUtils]: 11: Hoare triple {3988#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3988#true} is VALID [2022-02-20 18:00:28,153 INFO L272 TraceCheckUtils]: 12: Hoare triple {3988#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4048#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:28,154 INFO L290 TraceCheckUtils]: 13: Hoare triple {4048#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,154 INFO L290 TraceCheckUtils]: 14: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,154 INFO L290 TraceCheckUtils]: 15: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,154 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3988#true} {3988#true} #831#return; {3988#true} is VALID [2022-02-20 
18:00:28,154 INFO L290 TraceCheckUtils]: 17: Hoare triple {3988#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3998#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:00:28,155 INFO L272 TraceCheckUtils]: 18: Hoare triple {3998#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4047#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:28,155 INFO L290 TraceCheckUtils]: 19: Hoare triple {4047#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4049#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:28,156 INFO L290 TraceCheckUtils]: 20: Hoare triple {4049#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4050#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:28,156 INFO L290 TraceCheckUtils]: 21: Hoare triple {4050#(= |setClientId_#in~handle| 1)} assume true; {4050#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:28,156 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4050#(= 
|setClientId_#in~handle| 1)} {3998#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #833#return; {3989#false} is VALID [2022-02-20 18:00:28,156 INFO L290 TraceCheckUtils]: 23: Hoare triple {3989#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3989#false} is VALID [2022-02-20 18:00:28,157 INFO L272 TraceCheckUtils]: 24: Hoare triple {3989#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4048#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:28,157 INFO L290 TraceCheckUtils]: 25: Hoare triple {4048#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,157 INFO L290 TraceCheckUtils]: 26: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,157 INFO L290 TraceCheckUtils]: 27: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,157 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3988#true} {3989#false} #835#return; {3989#false} is VALID [2022-02-20 18:00:28,157 INFO L290 TraceCheckUtils]: 29: Hoare triple {3989#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3989#false} is VALID [2022-02-20 18:00:28,157 INFO L272 TraceCheckUtils]: 30: Hoare triple {3989#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4047#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:28,157 INFO L290 TraceCheckUtils]: 31: Hoare triple {4047#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,158 INFO L290 TraceCheckUtils]: 32: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,158 INFO L290 TraceCheckUtils]: 33: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,158 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3988#true} {3989#false} #837#return; {3989#false} is VALID [2022-02-20 18:00:28,158 INFO L290 TraceCheckUtils]: 35: Hoare triple {3989#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3989#false} is VALID [2022-02-20 18:00:28,158 INFO L272 TraceCheckUtils]: 36: Hoare triple {3989#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4048#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:28,158 INFO L290 TraceCheckUtils]: 37: Hoare triple {4048#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,158 INFO L290 TraceCheckUtils]: 38: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,158 INFO L290 TraceCheckUtils]: 39: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,159 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3988#true} {3989#false} #839#return; {3989#false} is VALID [2022-02-20 18:00:28,159 INFO L290 TraceCheckUtils]: 41: Hoare triple {3989#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {3989#false} is VALID [2022-02-20 18:00:28,159 INFO L290 TraceCheckUtils]: 42: Hoare triple {3989#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc 
test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3989#false} is VALID [2022-02-20 18:00:28,159 INFO L290 TraceCheckUtils]: 43: Hoare triple {3989#false} assume !false; {3989#false} is VALID [2022-02-20 18:00:28,159 INFO L290 TraceCheckUtils]: 44: Hoare triple {3989#false} assume test_~splverifierCounter~0#1 < 4; {3989#false} is VALID [2022-02-20 18:00:28,159 INFO L290 TraceCheckUtils]: 45: Hoare triple {3989#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {3989#false} is VALID [2022-02-20 18:00:28,159 INFO L290 TraceCheckUtils]: 46: Hoare triple {3989#false} assume !(0 == test_~op1~0#1); {3989#false} is VALID [2022-02-20 18:00:28,159 INFO L290 TraceCheckUtils]: 47: Hoare triple {3989#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {3989#false} is VALID [2022-02-20 18:00:28,160 INFO L290 TraceCheckUtils]: 48: Hoare triple {3989#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {3989#false} is VALID [2022-02-20 18:00:28,160 INFO L290 TraceCheckUtils]: 49: Hoare triple {3989#false} assume !false; {3989#false} is VALID [2022-02-20 18:00:28,160 INFO L290 TraceCheckUtils]: 50: Hoare triple {3989#false} assume !(test_~splverifierCounter~0#1 < 4); {3989#false} is VALID [2022-02-20 18:00:28,160 INFO L290 TraceCheckUtils]: 51: Hoare triple {3989#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc 
bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {3989#false} is VALID [2022-02-20 18:00:28,160 INFO L272 TraceCheckUtils]: 52: Hoare triple {3989#false} call sendEmail(~bob~0, ~rjh~0); {3989#false} is VALID [2022-02-20 18:00:28,160 INFO L290 TraceCheckUtils]: 53: Hoare triple {3989#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3989#false} is VALID [2022-02-20 18:00:28,160 INFO L272 TraceCheckUtils]: 54: Hoare triple {3989#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4051#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:28,160 INFO L290 TraceCheckUtils]: 55: Hoare triple {4051#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,160 INFO L290 TraceCheckUtils]: 56: Hoare triple {3988#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,161 INFO L290 TraceCheckUtils]: 57: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,161 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {3988#true} {3989#false} #825#return; {3989#false} is VALID [2022-02-20 18:00:28,161 INFO L290 TraceCheckUtils]: 59: Hoare triple {3989#false} assume 
{ :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {3989#false} is VALID [2022-02-20 18:00:28,161 INFO L290 TraceCheckUtils]: 60: Hoare triple {3989#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {3989#false} is VALID [2022-02-20 18:00:28,161 INFO L290 TraceCheckUtils]: 61: Hoare triple {3989#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {3989#false} is VALID [2022-02-20 18:00:28,161 INFO L290 TraceCheckUtils]: 62: Hoare triple {3989#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {3989#false} is VALID [2022-02-20 18:00:28,161 INFO L272 TraceCheckUtils]: 63: Hoare triple {3989#false} call outgoing(~sender#1, ~email~0#1); {3989#false} is VALID [2022-02-20 18:00:28,161 INFO L290 TraceCheckUtils]: 64: Hoare triple {3989#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {3989#false} is VALID [2022-02-20 18:00:28,161 INFO L272 TraceCheckUtils]: 65: Hoare triple {3989#false} call #t~ret67#1 := getEmailTo(~msg#1); {3988#true} is VALID [2022-02-20 18:00:28,162 INFO L290 TraceCheckUtils]: 66: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~30; {3988#true} is VALID [2022-02-20 18:00:28,162 INFO L290 TraceCheckUtils]: 67: Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {3988#true} is VALID [2022-02-20 18:00:28,162 INFO L290 TraceCheckUtils]: 68: Hoare triple {3988#true} assume true; {3988#true} is VALID 
[2022-02-20 18:00:28,162 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {3988#true} {3989#false} #787#return; {3989#false} is VALID [2022-02-20 18:00:28,162 INFO L290 TraceCheckUtils]: 70: Hoare triple {3989#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {3989#false} is VALID [2022-02-20 18:00:28,162 INFO L290 TraceCheckUtils]: 71: Hoare triple {3989#false} assume 1 == findPublicKey_~handle#1; {3989#false} is VALID [2022-02-20 18:00:28,162 INFO L290 TraceCheckUtils]: 72: Hoare triple {3989#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {3989#false} is VALID [2022-02-20 18:00:28,162 INFO L290 TraceCheckUtils]: 73: Hoare triple {3989#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {3989#false} is VALID [2022-02-20 18:00:28,162 INFO L290 TraceCheckUtils]: 74: Hoare triple {3989#false} assume !(0 != ~pubkey~0#1); {3989#false} is VALID [2022-02-20 18:00:28,163 INFO L290 TraceCheckUtils]: 75: Hoare triple {3989#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {3989#false} is VALID [2022-02-20 18:00:28,163 INFO L290 TraceCheckUtils]: 76: Hoare triple {3989#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {3989#false} is VALID [2022-02-20 18:00:28,163 INFO L290 TraceCheckUtils]: 77: Hoare triple {3989#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {3989#false} is VALID [2022-02-20 18:00:28,163 INFO L272 TraceCheckUtils]: 78: Hoare triple {3989#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {4051#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:28,163 INFO L290 TraceCheckUtils]: 79: Hoare triple {4051#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,163 INFO L290 TraceCheckUtils]: 80: Hoare triple {3988#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,163 INFO L290 TraceCheckUtils]: 81: Hoare triple {3988#true} assume true; 
{3988#true} is VALID [2022-02-20 18:00:28,163 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {3988#true} {3989#false} #793#return; {3989#false} is VALID [2022-02-20 18:00:28,163 INFO L290 TraceCheckUtils]: 83: Hoare triple {3989#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {3989#false} is VALID [2022-02-20 18:00:28,164 INFO L272 TraceCheckUtils]: 84: Hoare triple {3989#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {3988#true} is VALID [2022-02-20 18:00:28,164 INFO L290 TraceCheckUtils]: 85: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~33; {3988#true} is VALID [2022-02-20 18:00:28,164 INFO L290 TraceCheckUtils]: 86: 
Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {3988#true} is VALID [2022-02-20 18:00:28,164 INFO L290 TraceCheckUtils]: 87: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,164 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {3988#true} {3989#false} #795#return; {3989#false} is VALID [2022-02-20 18:00:28,164 INFO L290 TraceCheckUtils]: 89: Hoare triple {3989#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {3989#false} is VALID [2022-02-20 18:00:28,164 INFO L290 TraceCheckUtils]: 90: Hoare triple {3989#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {3989#false} is VALID [2022-02-20 18:00:28,164 INFO L272 TraceCheckUtils]: 91: Hoare triple {3989#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {3988#true} is VALID [2022-02-20 18:00:28,165 INFO L290 TraceCheckUtils]: 92: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~30; {3988#true} is VALID [2022-02-20 18:00:28,165 INFO L290 TraceCheckUtils]: 93: Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {3988#true} is VALID [2022-02-20 18:00:28,165 INFO L290 TraceCheckUtils]: 94: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,165 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {3988#true} {3989#false} #797#return; {3989#false} is VALID [2022-02-20 18:00:28,165 INFO L290 
TraceCheckUtils]: 96: Hoare triple {3989#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {3989#false} is VALID [2022-02-20 18:00:28,165 INFO L290 TraceCheckUtils]: 97: Hoare triple {3989#false} assume 1 == ~sent_encrypted~0; {3989#false} is VALID [2022-02-20 18:00:28,165 INFO L272 TraceCheckUtils]: 98: Hoare triple {3989#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {3988#true} is VALID [2022-02-20 18:00:28,165 INFO L290 TraceCheckUtils]: 99: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~19; {3988#true} is VALID [2022-02-20 18:00:28,165 INFO L290 TraceCheckUtils]: 100: Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {3988#true} is VALID [2022-02-20 18:00:28,166 INFO L290 TraceCheckUtils]: 101: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,166 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {3988#true} {3989#false} #799#return; {3989#false} is VALID [2022-02-20 18:00:28,166 INFO L290 TraceCheckUtils]: 103: Hoare triple {3989#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {3989#false} is VALID [2022-02-20 18:00:28,166 INFO L272 TraceCheckUtils]: 104: Hoare triple {3989#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {3988#true} is VALID [2022-02-20 18:00:28,166 INFO L290 TraceCheckUtils]: 105: Hoare triple {3988#true} ~handle := #in~handle;havoc ~retValue_acc~34; {3988#true} is VALID [2022-02-20 18:00:28,166 INFO L290 TraceCheckUtils]: 106: Hoare triple {3988#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {3988#true} is VALID [2022-02-20 18:00:28,166 INFO L290 TraceCheckUtils]: 107: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,166 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {3988#true} {3989#false} #801#return; {3989#false} is VALID [2022-02-20 18:00:28,166 INFO L290 TraceCheckUtils]: 109: Hoare triple {3989#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {3989#false} is VALID [2022-02-20 18:00:28,167 INFO L272 TraceCheckUtils]: 110: Hoare triple {3989#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {3988#true} is VALID [2022-02-20 18:00:28,167 INFO L290 TraceCheckUtils]: 111: Hoare triple {3988#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {3988#true} is VALID [2022-02-20 18:00:28,167 INFO L290 TraceCheckUtils]: 112: Hoare triple {3988#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := 
~retValue_acc~42; {3988#true} is VALID [2022-02-20 18:00:28,167 INFO L290 TraceCheckUtils]: 113: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,167 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {3988#true} {3989#false} #803#return; {3989#false} is VALID [2022-02-20 18:00:28,167 INFO L290 TraceCheckUtils]: 115: Hoare triple {3989#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {3989#false} is VALID [2022-02-20 18:00:28,167 INFO L290 TraceCheckUtils]: 116: Hoare triple {3989#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {3989#false} is VALID [2022-02-20 18:00:28,167 INFO L290 TraceCheckUtils]: 117: Hoare triple {3989#false} assume !false; {3989#false} is VALID [2022-02-20 18:00:28,168 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 18:00:28,168 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:28,168 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [522757492] [2022-02-20 18:00:28,168 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [522757492] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:28,168 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1556039650] [2022-02-20 18:00:28,169 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:28,169 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:28,169 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:28,170 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:28,171 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:00:28,392 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,396 INFO L263 TraceCheckSpWp]: Trace formula consists of 1040 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:00:28,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:28,428 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:00:28,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {3988#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {3988#true} is VALID [2022-02-20 18:00:28,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {3988#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc 
main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {3988#true} is VALID [2022-02-20 18:00:28,686 INFO L290 TraceCheckUtils]: 2: Hoare triple {3988#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3988#true} is VALID [2022-02-20 18:00:28,686 INFO L290 TraceCheckUtils]: 3: Hoare triple {3988#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {3988#true} is VALID [2022-02-20 18:00:28,686 INFO L290 TraceCheckUtils]: 4: Hoare triple {3988#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {3988#true} is VALID [2022-02-20 18:00:28,686 INFO L290 TraceCheckUtils]: 5: Hoare triple {3988#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3988#true} is VALID [2022-02-20 18:00:28,687 INFO 
L272 TraceCheckUtils]: 6: Hoare triple {3988#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3988#true} is VALID [2022-02-20 18:00:28,687 INFO L290 TraceCheckUtils]: 7: Hoare triple {3988#true} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,687 INFO L290 TraceCheckUtils]: 8: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,687 INFO L290 TraceCheckUtils]: 9: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,687 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3988#true} {3988#true} #829#return; {3988#true} is VALID [2022-02-20 18:00:28,687 INFO L290 TraceCheckUtils]: 11: Hoare triple {3988#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3988#true} is VALID [2022-02-20 18:00:28,687 INFO L272 TraceCheckUtils]: 12: Hoare triple {3988#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3988#true} is VALID [2022-02-20 18:00:28,687 INFO L290 TraceCheckUtils]: 13: Hoare triple {3988#true} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,687 INFO L290 TraceCheckUtils]: 14: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L290 TraceCheckUtils]: 15: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3988#true} {3988#true} #831#return; {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L290 TraceCheckUtils]: 17: Hoare triple {3988#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L272 TraceCheckUtils]: 18: Hoare triple {3988#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L290 TraceCheckUtils]: 19: Hoare triple {3988#true} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L290 TraceCheckUtils]: 20: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L290 TraceCheckUtils]: 21: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3988#true} {3988#true} #833#return; {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L290 TraceCheckUtils]: 23: Hoare triple {3988#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3988#true} is VALID [2022-02-20 18:00:28,688 INFO L272 TraceCheckUtils]: 24: Hoare triple {3988#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3988#true} is VALID [2022-02-20 18:00:28,689 INFO L290 TraceCheckUtils]: 25: Hoare triple {3988#true} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,689 INFO L290 TraceCheckUtils]: 26: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,689 INFO L290 TraceCheckUtils]: 27: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,689 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3988#true} {3988#true} #835#return; {3988#true} is VALID [2022-02-20 18:00:28,689 INFO L290 TraceCheckUtils]: 29: Hoare triple {3988#true} assume { :end_inline_setup_rjh } 
true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3988#true} is VALID [2022-02-20 18:00:28,689 INFO L272 TraceCheckUtils]: 30: Hoare triple {3988#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3988#true} is VALID [2022-02-20 18:00:28,689 INFO L290 TraceCheckUtils]: 31: Hoare triple {3988#true} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,689 INFO L290 TraceCheckUtils]: 32: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,689 INFO L290 TraceCheckUtils]: 33: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,690 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3988#true} {3988#true} #837#return; {3988#true} is VALID [2022-02-20 18:00:28,690 INFO L290 TraceCheckUtils]: 35: Hoare triple {3988#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3988#true} is VALID [2022-02-20 18:00:28,690 INFO L272 TraceCheckUtils]: 36: Hoare triple {3988#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3988#true} is VALID [2022-02-20 18:00:28,690 INFO L290 TraceCheckUtils]: 37: Hoare triple {3988#true} ~handle := #in~handle;~value := #in~value; {3988#true} is VALID [2022-02-20 18:00:28,690 INFO L290 TraceCheckUtils]: 38: Hoare triple {3988#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3988#true} is VALID [2022-02-20 18:00:28,690 INFO L290 TraceCheckUtils]: 
39: Hoare triple {3988#true} assume true; {3988#true} is VALID [2022-02-20 18:00:28,690 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3988#true} {3988#true} #839#return; {3988#true} is VALID [2022-02-20 18:00:28,690 INFO L290 TraceCheckUtils]: 41: Hoare triple {3988#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {3988#true} is VALID [2022-02-20 18:00:28,691 INFO L290 TraceCheckUtils]: 42: Hoare triple {3988#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4181#(= 
|ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:00:28,691 INFO L290 TraceCheckUtils]: 43: Hoare triple {4181#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {4181#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:00:28,691 INFO L290 TraceCheckUtils]: 44: Hoare triple {4181#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {4181#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:00:28,691 INFO L290 TraceCheckUtils]: 45: Hoare triple {4181#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4181#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:00:28,692 INFO L290 TraceCheckUtils]: 46: Hoare triple {4181#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {3989#false} is VALID [2022-02-20 18:00:28,692 INFO L290 TraceCheckUtils]: 47: Hoare triple {3989#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {3989#false} is VALID [2022-02-20 18:00:28,692 INFO L290 TraceCheckUtils]: 48: Hoare triple {3989#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {3989#false} is VALID [2022-02-20 18:00:28,692 INFO L290 TraceCheckUtils]: 49: Hoare triple {3989#false} assume !false; {3989#false} is VALID [2022-02-20 18:00:28,692 INFO L290 TraceCheckUtils]: 50: Hoare triple {3989#false} assume !(test_~splverifierCounter~0#1 < 4); {3989#false} is VALID [2022-02-20 18:00:28,692 INFO L290 TraceCheckUtils]: 51: Hoare triple {3989#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 
2147483647;havoc bobToRjh_#t~ret42#1; {3989#false} is VALID [2022-02-20 18:00:28,692 INFO L272 TraceCheckUtils]: 52: Hoare triple {3989#false} call sendEmail(~bob~0, ~rjh~0); {3989#false} is VALID [2022-02-20 18:00:28,692 INFO L290 TraceCheckUtils]: 53: Hoare triple {3989#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3989#false} is VALID [2022-02-20 18:00:28,693 INFO L272 TraceCheckUtils]: 54: Hoare triple {3989#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3989#false} is VALID [2022-02-20 18:00:28,693 INFO L290 TraceCheckUtils]: 55: Hoare triple {3989#false} ~handle := #in~handle;~value := #in~value; {3989#false} is VALID [2022-02-20 18:00:28,693 INFO L290 TraceCheckUtils]: 56: Hoare triple {3989#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3989#false} is VALID [2022-02-20 18:00:28,693 INFO L290 TraceCheckUtils]: 57: Hoare triple {3989#false} assume true; {3989#false} is VALID [2022-02-20 18:00:28,693 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {3989#false} {3989#false} #825#return; {3989#false} is VALID [2022-02-20 18:00:28,693 INFO L290 TraceCheckUtils]: 59: Hoare triple {3989#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {3989#false} is VALID [2022-02-20 18:00:28,693 INFO L290 TraceCheckUtils]: 60: Hoare triple {3989#false} assume 1 == 
setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {3989#false} is VALID [2022-02-20 18:00:28,693 INFO L290 TraceCheckUtils]: 61: Hoare triple {3989#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {3989#false} is VALID [2022-02-20 18:00:28,693 INFO L290 TraceCheckUtils]: 62: Hoare triple {3989#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L272 TraceCheckUtils]: 63: Hoare triple {3989#false} call outgoing(~sender#1, ~email~0#1); {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L290 TraceCheckUtils]: 64: Hoare triple {3989#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L272 TraceCheckUtils]: 65: Hoare triple {3989#false} call #t~ret67#1 := getEmailTo(~msg#1); {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L290 TraceCheckUtils]: 66: Hoare triple {3989#false} ~handle := #in~handle;havoc ~retValue_acc~30; {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L290 TraceCheckUtils]: 67: Hoare triple {3989#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L290 TraceCheckUtils]: 68: Hoare triple {3989#false} assume true; {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {3989#false} {3989#false} #787#return; {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L290 TraceCheckUtils]: 70: Hoare triple {3989#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } 
true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L290 TraceCheckUtils]: 71: Hoare triple {3989#false} assume 1 == findPublicKey_~handle#1; {3989#false} is VALID [2022-02-20 18:00:28,694 INFO L290 TraceCheckUtils]: 72: Hoare triple {3989#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {3989#false} is VALID [2022-02-20 18:00:28,695 INFO L290 TraceCheckUtils]: 73: Hoare triple {3989#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {3989#false} is VALID [2022-02-20 18:00:28,695 INFO L290 TraceCheckUtils]: 74: Hoare triple {3989#false} assume !(0 != ~pubkey~0#1); {3989#false} is VALID [2022-02-20 18:00:28,695 INFO L290 TraceCheckUtils]: 75: Hoare triple {3989#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {3989#false} is VALID [2022-02-20 18:00:28,695 INFO L290 TraceCheckUtils]: 76: Hoare triple {3989#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {3989#false} is VALID [2022-02-20 18:00:28,695 INFO L290 TraceCheckUtils]: 77: Hoare triple {3989#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {3989#false} is VALID [2022-02-20 18:00:28,695 INFO L272 TraceCheckUtils]: 78: Hoare triple {3989#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {3989#false} is VALID [2022-02-20 18:00:28,695 INFO L290 TraceCheckUtils]: 79: Hoare triple {3989#false} ~handle := #in~handle;~value := #in~value; {3989#false} is VALID [2022-02-20 18:00:28,695 INFO L290 TraceCheckUtils]: 80: Hoare triple {3989#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3989#false} is VALID [2022-02-20 18:00:28,695 INFO L290 TraceCheckUtils]: 81: Hoare triple {3989#false} assume true; {3989#false} is VALID [2022-02-20 18:00:28,696 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {3989#false} {3989#false} #793#return; {3989#false} is VALID [2022-02-20 18:00:28,696 INFO L290 TraceCheckUtils]: 83: Hoare triple {3989#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc 
mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {3989#false} is VALID [2022-02-20 18:00:28,696 INFO L272 TraceCheckUtils]: 84: Hoare triple {3989#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {3989#false} is VALID [2022-02-20 18:00:28,696 INFO L290 TraceCheckUtils]: 85: Hoare triple {3989#false} ~handle := #in~handle;havoc ~retValue_acc~33; {3989#false} is VALID [2022-02-20 18:00:28,696 INFO L290 TraceCheckUtils]: 86: Hoare triple {3989#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {3989#false} is VALID [2022-02-20 18:00:28,696 INFO L290 TraceCheckUtils]: 87: Hoare triple {3989#false} assume true; {3989#false} is VALID [2022-02-20 18:00:28,696 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {3989#false} {3989#false} #795#return; {3989#false} is VALID [2022-02-20 18:00:28,696 INFO L290 TraceCheckUtils]: 89: Hoare triple {3989#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && 
__utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {3989#false} is VALID [2022-02-20 18:00:28,696 INFO L290 TraceCheckUtils]: 90: Hoare triple {3989#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {3989#false} is VALID [2022-02-20 18:00:28,697 INFO L272 TraceCheckUtils]: 91: Hoare triple {3989#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {3989#false} is VALID [2022-02-20 18:00:28,697 INFO L290 TraceCheckUtils]: 92: Hoare triple {3989#false} ~handle := #in~handle;havoc ~retValue_acc~30; {3989#false} is VALID [2022-02-20 18:00:28,697 INFO L290 TraceCheckUtils]: 93: Hoare triple {3989#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {3989#false} is VALID [2022-02-20 18:00:28,697 INFO L290 TraceCheckUtils]: 94: Hoare triple {3989#false} assume true; {3989#false} is VALID [2022-02-20 18:00:28,697 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {3989#false} {3989#false} #797#return; {3989#false} is VALID [2022-02-20 18:00:28,697 INFO L290 TraceCheckUtils]: 96: Hoare triple {3989#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, 
incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc 
__utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {3989#false} is VALID [2022-02-20 18:00:28,697 INFO L290 TraceCheckUtils]: 97: Hoare triple {3989#false} assume 1 == ~sent_encrypted~0; {3989#false} is VALID [2022-02-20 18:00:28,697 INFO L272 TraceCheckUtils]: 98: Hoare triple {3989#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {3989#false} is VALID [2022-02-20 18:00:28,697 INFO L290 TraceCheckUtils]: 99: Hoare triple {3989#false} ~handle := #in~handle;havoc ~retValue_acc~19; {3989#false} is VALID [2022-02-20 18:00:28,698 INFO L290 TraceCheckUtils]: 100: Hoare triple {3989#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {3989#false} is VALID [2022-02-20 18:00:28,698 INFO L290 TraceCheckUtils]: 101: Hoare triple {3989#false} assume true; {3989#false} is VALID [2022-02-20 18:00:28,698 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {3989#false} {3989#false} #799#return; {3989#false} is VALID [2022-02-20 18:00:28,698 INFO L290 TraceCheckUtils]: 103: Hoare triple {3989#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {3989#false} is VALID [2022-02-20 18:00:28,698 INFO L272 TraceCheckUtils]: 104: Hoare triple {3989#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {3989#false} is VALID [2022-02-20 18:00:28,698 INFO L290 TraceCheckUtils]: 105: Hoare triple {3989#false} ~handle := #in~handle;havoc ~retValue_acc~34; {3989#false} is VALID [2022-02-20 
18:00:28,698 INFO L290 TraceCheckUtils]: 106: Hoare triple {3989#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {3989#false} is VALID [2022-02-20 18:00:28,698 INFO L290 TraceCheckUtils]: 107: Hoare triple {3989#false} assume true; {3989#false} is VALID [2022-02-20 18:00:28,698 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {3989#false} {3989#false} #801#return; {3989#false} is VALID [2022-02-20 18:00:28,699 INFO L290 TraceCheckUtils]: 109: Hoare triple {3989#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {3989#false} is VALID [2022-02-20 18:00:28,699 INFO L272 TraceCheckUtils]: 110: Hoare triple {3989#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {3989#false} is VALID [2022-02-20 18:00:28,699 INFO L290 TraceCheckUtils]: 111: Hoare triple {3989#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {3989#false} is VALID [2022-02-20 18:00:28,699 INFO L290 TraceCheckUtils]: 112: Hoare triple {3989#false} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {3989#false} is VALID [2022-02-20 18:00:28,699 INFO L290 TraceCheckUtils]: 113: Hoare triple {3989#false} assume true; {3989#false} is VALID [2022-02-20 18:00:28,699 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {3989#false} {3989#false} #803#return; {3989#false} is VALID [2022-02-20 18:00:28,699 INFO L290 TraceCheckUtils]: 115: Hoare triple {3989#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && 
__utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {3989#false} is VALID [2022-02-20 18:00:28,699 INFO L290 TraceCheckUtils]: 116: Hoare triple {3989#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {3989#false} is VALID [2022-02-20 18:00:28,699 INFO L290 TraceCheckUtils]: 117: Hoare triple {3989#false} assume !false; {3989#false} is VALID [2022-02-20 18:00:28,700 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 18:00:28,700 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:28,700 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1556039650] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:28,700 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:00:28,700 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 18:00:28,701 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [427328084] [2022-02-20 18:00:28,701 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:28,701 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 118 [2022-02-20 18:00:28,702 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:28,702 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:28,765 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:28,765 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:00:28,765 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:28,766 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:00:28,766 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:00:28,766 INFO L87 Difference]: Start difference. First operand 269 states and 402 transitions. 
Second operand has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:29,129 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:29,130 INFO L93 Difference]: Finished difference Result 563 states and 855 transitions. [2022-02-20 18:00:29,130 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:00:29,130 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 118 [2022-02-20 18:00:29,130 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:29,130 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:29,139 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 853 transitions. [2022-02-20 18:00:29,139 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:29,147 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 853 transitions. [2022-02-20 18:00:29,147 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 853 transitions. [2022-02-20 18:00:29,691 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 853 edges. 853 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:29,697 INFO L225 Difference]: With dead ends: 563 [2022-02-20 18:00:29,698 INFO L226 Difference]: Without dead ends: 321 [2022-02-20 18:00:29,698 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 149 GetRequests, 142 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:00:29,699 INFO L933 BasicCegarLoop]: 424 mSDtfsCounter, 99 mSDsluCounter, 354 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 114 SdHoareTripleChecker+Valid, 778 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:29,700 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [114 Valid, 778 Invalid, 4 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:00:29,700 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 321 states. [2022-02-20 18:00:29,708 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 321 to 313. [2022-02-20 18:00:29,708 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:29,709 INFO L82 GeneralOperation]: Start isEquivalent. First operand 321 states. Second operand has 313 states, 241 states have (on average 1.5394190871369295) internal successors, (371), 244 states have internal predecessors, (371), 54 states have call successors, (54), 17 states have call predecessors, (54), 17 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:00:29,710 INFO L74 IsIncluded]: Start isIncluded. First operand 321 states. Second operand has 313 states, 241 states have (on average 1.5394190871369295) internal successors, (371), 244 states have internal predecessors, (371), 54 states have call successors, (54), 17 states have call predecessors, (54), 17 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:00:29,710 INFO L87 Difference]: Start difference. First operand 321 states. Second operand has 313 states, 241 states have (on average 1.5394190871369295) internal successors, (371), 244 states have internal predecessors, (371), 54 states have call successors, (54), 17 states have call predecessors, (54), 17 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:00:29,719 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:29,719 INFO L93 Difference]: Finished difference Result 321 states and 487 transitions. 
[2022-02-20 18:00:29,719 INFO L276 IsEmpty]: Start isEmpty. Operand 321 states and 487 transitions. [2022-02-20 18:00:29,720 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:29,720 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:29,721 INFO L74 IsIncluded]: Start isIncluded. First operand has 313 states, 241 states have (on average 1.5394190871369295) internal successors, (371), 244 states have internal predecessors, (371), 54 states have call successors, (54), 17 states have call predecessors, (54), 17 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) Second operand 321 states. [2022-02-20 18:00:29,722 INFO L87 Difference]: Start difference. First operand has 313 states, 241 states have (on average 1.5394190871369295) internal successors, (371), 244 states have internal predecessors, (371), 54 states have call successors, (54), 17 states have call predecessors, (54), 17 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) Second operand 321 states. [2022-02-20 18:00:29,731 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:29,731 INFO L93 Difference]: Finished difference Result 321 states and 487 transitions. [2022-02-20 18:00:29,731 INFO L276 IsEmpty]: Start isEmpty. Operand 321 states and 487 transitions. [2022-02-20 18:00:29,732 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:29,732 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:29,732 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:29,732 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:29,733 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 313 states, 241 states have (on average 1.5394190871369295) internal successors, (371), 244 states have internal predecessors, (371), 54 states have call successors, (54), 17 states have call predecessors, (54), 17 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:00:29,741 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 313 states to 313 states and 478 transitions. [2022-02-20 18:00:29,742 INFO L78 Accepts]: Start accepts. Automaton has 313 states and 478 transitions. Word has length 118 [2022-02-20 18:00:29,742 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:29,742 INFO L470 AbstractCegarLoop]: Abstraction has 313 states and 478 transitions. [2022-02-20 18:00:29,742 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (16), 2 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:00:29,742 INFO L276 IsEmpty]: Start isEmpty. Operand 313 states and 478 transitions. [2022-02-20 18:00:29,744 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 120 [2022-02-20 18:00:29,744 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:29,744 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:29,764 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:00:29,960 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:29,960 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:29,960 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:29,960 INFO L85 PathProgramCache]: Analyzing trace with hash 1202284878, now seen corresponding path program 1 times [2022-02-20 18:00:29,960 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:29,960 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [487911451] [2022-02-20 18:00:29,960 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:29,961 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:29,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,019 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 6 [2022-02-20 18:00:30,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,022 INFO L290 TraceCheckUtils]: 0: Hoare triple {6343#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,022 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,023 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6284#true} #829#return; {6284#true} is VALID [2022-02-20 18:00:30,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:30,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {6344#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,030 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6284#true} #831#return; {6284#true} is VALID [2022-02-20 18:00:30,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:30,032 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:00:30,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {6343#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6345#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:30,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {6345#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6346#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:30,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {6346#(= |setClientId_#in~handle| 1)} assume true; {6346#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:30,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6346#(= |setClientId_#in~handle| 1)} {6294#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #833#return; {6285#false} is VALID [2022-02-20 18:00:30,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:00:30,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,046 INFO L290 TraceCheckUtils]: 0: Hoare triple {6344#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,047 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,047 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,047 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #835#return; {6285#false} is VALID [2022-02-20 
18:00:30,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:00:30,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {6343#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,049 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #837#return; {6285#false} is VALID [2022-02-20 18:00:30,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:00:30,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,064 INFO L290 TraceCheckUtils]: 0: Hoare triple {6344#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,064 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,064 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,064 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #839#return; {6285#false} is VALID [2022-02-20 18:00:30,070 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 55 [2022-02-20 18:00:30,071 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,073 INFO L290 TraceCheckUtils]: 0: Hoare triple {6347#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,073 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,073 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #825#return; {6285#false} is VALID [2022-02-20 18:00:30,073 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:00:30,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,075 INFO L290 TraceCheckUtils]: 0: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~30; {6284#true} is VALID [2022-02-20 18:00:30,075 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {6284#true} is VALID [2022-02-20 18:00:30,075 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #787#return; {6285#false} is VALID [2022-02-20 18:00:30,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:00:30,076 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,077 INFO L290 TraceCheckUtils]: 0: Hoare triple {6347#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := 
#in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,078 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,078 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #793#return; {6285#false} is VALID [2022-02-20 18:00:30,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:00:30,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~33; {6284#true} is VALID [2022-02-20 18:00:30,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {6284#true} is VALID [2022-02-20 18:00:30,080 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,080 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #795#return; {6285#false} is VALID [2022-02-20 18:00:30,080 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:00:30,080 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,081 INFO L290 TraceCheckUtils]: 0: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~30; {6284#true} is VALID [2022-02-20 18:00:30,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {6284#true} is VALID [2022-02-20 18:00:30,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,082 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{6284#true} {6285#false} #797#return; {6285#false} is VALID [2022-02-20 18:00:30,082 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:00:30,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,083 INFO L290 TraceCheckUtils]: 0: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~19; {6284#true} is VALID [2022-02-20 18:00:30,083 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {6284#true} is VALID [2022-02-20 18:00:30,083 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,084 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #799#return; {6285#false} is VALID [2022-02-20 18:00:30,084 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:00:30,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,085 INFO L290 TraceCheckUtils]: 0: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~34; {6284#true} is VALID [2022-02-20 18:00:30,086 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {6284#true} is VALID [2022-02-20 18:00:30,086 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,086 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #801#return; {6285#false} is VALID [2022-02-20 18:00:30,086 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:00:30,086 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,088 INFO L290 TraceCheckUtils]: 0: Hoare triple {6284#true} ~publicKey := 
#in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {6284#true} is VALID [2022-02-20 18:00:30,088 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {6284#true} is VALID [2022-02-20 18:00:30,088 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,088 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6284#true} {6285#false} #803#return; {6285#false} is VALID [2022-02-20 18:00:30,088 INFO L290 TraceCheckUtils]: 0: Hoare triple {6284#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 
29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 
0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 
:= 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {6284#true} is VALID [2022-02-20 18:00:30,088 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {6284#true} is VALID [2022-02-20 18:00:30,088 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6284#true} is VALID [2022-02-20 18:00:30,088 INFO L290 TraceCheckUtils]: 3: Hoare triple {6284#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {6284#true} is VALID [2022-02-20 18:00:30,088 INFO L290 TraceCheckUtils]: 4: Hoare triple {6284#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {6284#true} is VALID [2022-02-20 18:00:30,088 INFO L290 TraceCheckUtils]: 5: Hoare triple {6284#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6284#true} is VALID [2022-02-20 18:00:30,089 INFO L272 TraceCheckUtils]: 6: Hoare triple {6284#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6343#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:30,089 INFO L290 TraceCheckUtils]: 7: Hoare triple {6343#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,089 INFO L290 TraceCheckUtils]: 8: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,089 INFO L290 TraceCheckUtils]: 9: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,089 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6284#true} {6284#true} #829#return; {6284#true} is VALID [2022-02-20 18:00:30,089 INFO L290 TraceCheckUtils]: 11: Hoare triple {6284#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6284#true} is VALID [2022-02-20 18:00:30,090 INFO L272 TraceCheckUtils]: 12: Hoare triple {6284#true} call 
setClientPrivateKey(setup_bob_~bob___0#1, 123); {6344#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:30,090 INFO L290 TraceCheckUtils]: 13: Hoare triple {6344#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,090 INFO L290 TraceCheckUtils]: 14: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,090 INFO L290 TraceCheckUtils]: 15: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,090 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6284#true} {6284#true} #831#return; {6284#true} is VALID [2022-02-20 18:00:30,090 INFO L290 TraceCheckUtils]: 17: Hoare triple {6284#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6294#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:00:30,091 INFO L272 TraceCheckUtils]: 18: Hoare triple {6294#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6343#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:30,091 INFO L290 TraceCheckUtils]: 19: Hoare triple {6343#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6345#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:30,091 INFO L290 TraceCheckUtils]: 20: Hoare triple {6345#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6346#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:30,092 INFO L290 TraceCheckUtils]: 21: Hoare triple {6346#(= |setClientId_#in~handle| 1)} assume true; {6346#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:30,092 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6346#(= |setClientId_#in~handle| 1)} {6294#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #833#return; {6285#false} is VALID [2022-02-20 18:00:30,092 INFO L290 TraceCheckUtils]: 23: Hoare triple {6285#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {6285#false} is VALID [2022-02-20 18:00:30,092 INFO L272 TraceCheckUtils]: 24: Hoare triple {6285#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6344#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:30,092 INFO L290 TraceCheckUtils]: 25: Hoare triple {6344#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := 
#in~value; {6284#true} is VALID [2022-02-20 18:00:30,092 INFO L290 TraceCheckUtils]: 26: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,092 INFO L290 TraceCheckUtils]: 27: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,092 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6284#true} {6285#false} #835#return; {6285#false} is VALID [2022-02-20 18:00:30,092 INFO L290 TraceCheckUtils]: 29: Hoare triple {6285#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6285#false} is VALID [2022-02-20 18:00:30,092 INFO L272 TraceCheckUtils]: 30: Hoare triple {6285#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6343#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:30,092 INFO L290 TraceCheckUtils]: 31: Hoare triple {6343#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,092 INFO L290 TraceCheckUtils]: 32: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := 
~value; {6284#true} is VALID [2022-02-20 18:00:30,092 INFO L290 TraceCheckUtils]: 33: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,093 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6284#true} {6285#false} #837#return; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 35: Hoare triple {6285#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L272 TraceCheckUtils]: 36: Hoare triple {6285#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6344#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 37: Hoare triple {6344#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 38: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 39: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,093 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6284#true} {6285#false} #839#return; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 41: Hoare triple {6285#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 42: Hoare triple {6285#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, 
test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 43: Hoare triple {6285#false} assume !false; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 44: Hoare triple {6285#false} assume test_~splverifierCounter~0#1 < 4; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 45: Hoare triple {6285#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 46: Hoare triple {6285#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 47: Hoare triple {6285#false} assume !(0 != test_~tmp___9~0#1); {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 48: Hoare triple {6285#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 49: Hoare triple {6285#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 50: Hoare triple {6285#false} assume !false; {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 51: Hoare triple {6285#false} assume !(test_~splverifierCounter~0#1 < 4); {6285#false} is VALID [2022-02-20 18:00:30,093 INFO L290 TraceCheckUtils]: 52: Hoare triple {6285#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L272 TraceCheckUtils]: 53: Hoare triple {6285#false} call sendEmail(~bob~0, ~rjh~0); {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 54: Hoare triple {6285#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L272 TraceCheckUtils]: 55: Hoare triple {6285#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6347#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 56: Hoare triple {6347#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 57: Hoare triple {6284#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 58: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,094 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {6284#true} {6285#false} #825#return; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 60: Hoare triple {6285#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 61: Hoare triple {6285#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 62: Hoare triple {6285#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L290 
TraceCheckUtils]: 63: Hoare triple {6285#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L272 TraceCheckUtils]: 64: Hoare triple {6285#false} call outgoing(~sender#1, ~email~0#1); {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 65: Hoare triple {6285#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L272 TraceCheckUtils]: 66: Hoare triple {6285#false} call #t~ret67#1 := getEmailTo(~msg#1); {6284#true} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 67: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~30; {6284#true} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 68: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {6284#true} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 69: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,094 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {6284#true} {6285#false} #787#return; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 71: Hoare triple {6285#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {6285#false} is VALID 
[2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 72: Hoare triple {6285#false} assume 1 == findPublicKey_~handle#1; {6285#false} is VALID [2022-02-20 18:00:30,094 INFO L290 TraceCheckUtils]: 73: Hoare triple {6285#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 74: Hoare triple {6285#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 75: Hoare triple {6285#false} assume !(0 != ~pubkey~0#1); {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 76: Hoare triple {6285#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 77: Hoare triple {6285#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {6285#false} is VALID 
[2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 78: Hoare triple {6285#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L272 TraceCheckUtils]: 79: Hoare triple {6285#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {6347#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 80: Hoare triple {6347#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 81: Hoare triple {6284#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 82: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,095 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {6284#true} {6285#false} #793#return; {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 84: Hoare triple {6285#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := 
mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L272 TraceCheckUtils]: 85: Hoare triple {6285#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {6284#true} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 86: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~33; {6284#true} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 87: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {6284#true} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 88: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,095 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {6284#true} {6285#false} #795#return; {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 90: Hoare triple {6285#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc 
__utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 91: Hoare triple {6285#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {6285#false} is VALID [2022-02-20 18:00:30,095 INFO L272 TraceCheckUtils]: 92: Hoare triple {6285#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {6284#true} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 93: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~30; {6284#true} is VALID [2022-02-20 18:00:30,095 INFO L290 TraceCheckUtils]: 94: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {6284#true} is VALID [2022-02-20 18:00:30,096 INFO L290 TraceCheckUtils]: 95: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,096 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {6284#true} {6285#false} #797#return; {6285#false} is VALID [2022-02-20 18:00:30,096 INFO L290 TraceCheckUtils]: 97: Hoare triple {6285#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc 
incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc 
__utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {6285#false} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 98: Hoare triple {6285#false} assume 1 == ~sent_encrypted~0; {6285#false} is VALID [2022-02-20 18:00:30,098 INFO L272 TraceCheckUtils]: 99: Hoare triple {6285#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 100: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~19; {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 101: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 102: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {6284#true} {6285#false} #799#return; {6285#false} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 104: Hoare triple {6285#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {6285#false} is VALID [2022-02-20 18:00:30,098 INFO L272 TraceCheckUtils]: 105: Hoare triple {6285#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 106: Hoare triple {6284#true} ~handle := #in~handle;havoc ~retValue_acc~34; {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 107: Hoare triple {6284#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {6284#true} is VALID 
[2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 108: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {6284#true} {6285#false} #801#return; {6285#false} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 110: Hoare triple {6285#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {6285#false} is VALID [2022-02-20 18:00:30,098 INFO L272 TraceCheckUtils]: 111: Hoare triple {6285#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 112: Hoare triple {6284#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 113: Hoare triple {6284#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 114: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,098 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {6284#true} {6285#false} #803#return; {6285#false} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 116: Hoare triple {6285#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; 
{6285#false} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 117: Hoare triple {6285#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {6285#false} is VALID [2022-02-20 18:00:30,098 INFO L290 TraceCheckUtils]: 118: Hoare triple {6285#false} assume !false; {6285#false} is VALID [2022-02-20 18:00:30,099 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:00:30,099 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:30,099 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [487911451] [2022-02-20 18:00:30,099 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [487911451] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:30,099 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [706851011] [2022-02-20 18:00:30,099 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:30,099 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:30,099 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:30,228 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:30,229 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:00:30,420 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,424 INFO L263 
TraceCheckSpWp]: Trace formula consists of 1047 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:00:30,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:30,463 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:00:30,777 INFO L290 TraceCheckUtils]: 0: Hoare triple {6284#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call 
#Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 
0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {6284#true} is VALID 
[2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 1: Hoare triple {6284#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 2: Hoare triple {6284#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 3: Hoare triple {6284#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 4: Hoare triple {6284#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 5: Hoare triple {6284#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { 
:begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L272 TraceCheckUtils]: 6: Hoare triple {6284#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 7: Hoare triple {6284#true} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 8: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 9: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6284#true} {6284#true} #829#return; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 11: Hoare triple {6284#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L272 TraceCheckUtils]: 12: Hoare triple {6284#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 13: Hoare triple {6284#true} ~handle := #in~handle;~value := #in~value; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 14: Hoare triple {6284#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L290 TraceCheckUtils]: 15: Hoare triple {6284#true} assume true; {6284#true} is VALID [2022-02-20 18:00:30,778 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6284#true} {6284#true} #831#return; {6284#true} is VALID [2022-02-20 18:00:30,779 INFO L290 TraceCheckUtils]: 17: Hoare triple {6284#true} assume { :end_inline_setup_bob } 
true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6402#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:00:30,779 INFO L272 TraceCheckUtils]: 18: Hoare triple {6402#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6284#true} is VALID [2022-02-20 18:00:30,779 INFO L290 TraceCheckUtils]: 19: Hoare triple {6284#true} ~handle := #in~handle;~value := #in~value; {6409#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:00:30,780 INFO L290 TraceCheckUtils]: 20: Hoare triple {6409#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6413#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:30,780 INFO L290 TraceCheckUtils]: 21: Hoare triple {6413#(<= |setClientId_#in~handle| 1)} assume true; {6413#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:30,781 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6413#(<= |setClientId_#in~handle| 1)} {6402#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #833#return; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L290 TraceCheckUtils]: 23: Hoare triple {6285#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L272 TraceCheckUtils]: 24: Hoare triple {6285#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L290 
TraceCheckUtils]: 25: Hoare triple {6285#false} ~handle := #in~handle;~value := #in~value; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L290 TraceCheckUtils]: 26: Hoare triple {6285#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L290 TraceCheckUtils]: 27: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6285#false} {6285#false} #835#return; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L290 TraceCheckUtils]: 29: Hoare triple {6285#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L272 TraceCheckUtils]: 30: Hoare triple {6285#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L290 TraceCheckUtils]: 31: Hoare triple {6285#false} ~handle := #in~handle;~value := #in~value; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L290 TraceCheckUtils]: 32: Hoare triple {6285#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L290 TraceCheckUtils]: 33: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,781 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6285#false} {6285#false} #837#return; {6285#false} is VALID [2022-02-20 
18:00:30,781 INFO L290 TraceCheckUtils]: 35: Hoare triple {6285#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L272 TraceCheckUtils]: 36: Hoare triple {6285#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 37: Hoare triple {6285#false} ~handle := #in~handle;~value := #in~value; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 38: Hoare triple {6285#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 39: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6285#false} {6285#false} #839#return; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 41: Hoare triple {6285#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 42: Hoare triple {6285#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc 
test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 43: Hoare triple {6285#false} assume !false; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 44: Hoare triple {6285#false} assume test_~splverifierCounter~0#1 < 4; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 45: Hoare triple {6285#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 46: Hoare triple {6285#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 47: Hoare triple {6285#false} assume !(0 != test_~tmp___9~0#1); {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 48: Hoare triple {6285#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 49: Hoare triple {6285#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 
TraceCheckUtils]: 50: Hoare triple {6285#false} assume !false; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 51: Hoare triple {6285#false} assume !(test_~splverifierCounter~0#1 < 4); {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 52: Hoare triple {6285#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L272 TraceCheckUtils]: 53: Hoare triple {6285#false} call sendEmail(~bob~0, ~rjh~0); {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L290 TraceCheckUtils]: 54: Hoare triple {6285#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6285#false} is VALID [2022-02-20 18:00:30,782 INFO L272 TraceCheckUtils]: 55: Hoare triple {6285#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 56: Hoare triple {6285#false} ~handle := #in~handle;~value := #in~value; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 57: Hoare triple {6285#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO 
L290 TraceCheckUtils]: 58: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {6285#false} {6285#false} #825#return; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 60: Hoare triple {6285#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 61: Hoare triple {6285#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 62: Hoare triple {6285#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 63: Hoare triple {6285#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L272 TraceCheckUtils]: 64: Hoare triple {6285#false} call outgoing(~sender#1, ~email~0#1); {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 65: Hoare triple {6285#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L272 TraceCheckUtils]: 66: Hoare triple {6285#false} call #t~ret67#1 := getEmailTo(~msg#1); {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 67: Hoare triple {6285#false} ~handle := #in~handle;havoc ~retValue_acc~30; {6285#false} is 
VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 68: Hoare triple {6285#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 69: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {6285#false} {6285#false} #787#return; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 71: Hoare triple {6285#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 72: Hoare triple {6285#false} assume 1 == findPublicKey_~handle#1; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 73: Hoare triple {6285#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 74: Hoare triple {6285#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 TraceCheckUtils]: 75: Hoare triple {6285#false} assume !(0 != ~pubkey~0#1); {6285#false} is VALID [2022-02-20 18:00:30,783 INFO L290 
TraceCheckUtils]: 76: Hoare triple {6285#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 77: Hoare triple {6285#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 78: Hoare triple {6285#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L272 TraceCheckUtils]: 79: Hoare triple {6285#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 80: Hoare triple {6285#false} ~handle := #in~handle;~value := #in~value; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 81: Hoare triple {6285#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6285#false} is VALID 
[2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 82: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {6285#false} {6285#false} #793#return; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 84: Hoare triple {6285#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L272 TraceCheckUtils]: 85: Hoare triple {6285#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 86: Hoare triple {6285#false} ~handle := 
#in~handle;havoc ~retValue_acc~33; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 87: Hoare triple {6285#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 88: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {6285#false} {6285#false} #795#return; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 90: Hoare triple {6285#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 91: Hoare triple {6285#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L272 TraceCheckUtils]: 92: Hoare triple {6285#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 93: Hoare triple {6285#false} ~handle := #in~handle;havoc ~retValue_acc~30; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 94: Hoare triple {6285#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L290 TraceCheckUtils]: 95: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,784 INFO L284 
TraceCheckUtils]: 96: Hoare quadruple {6285#false} {6285#false} #797#return; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 97: Hoare triple {6285#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := 
__utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 98: Hoare triple {6285#false} assume 1 == ~sent_encrypted~0; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L272 TraceCheckUtils]: 99: Hoare triple {6285#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 100: Hoare triple {6285#false} ~handle := #in~handle;havoc ~retValue_acc~19; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 101: Hoare triple {6285#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 102: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {6285#false} {6285#false} #799#return; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 104: Hoare triple {6285#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && 
__utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L272 TraceCheckUtils]: 105: Hoare triple {6285#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 106: Hoare triple {6285#false} ~handle := #in~handle;havoc ~retValue_acc~34; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 107: Hoare triple {6285#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 108: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {6285#false} {6285#false} #801#return; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 110: Hoare triple {6285#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L272 TraceCheckUtils]: 111: Hoare triple {6285#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 112: Hoare triple {6285#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc 
#t~nondet76; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 113: Hoare triple {6285#false} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 114: Hoare triple {6285#false} assume true; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {6285#false} {6285#false} #803#return; {6285#false} is VALID [2022-02-20 18:00:30,785 INFO L290 TraceCheckUtils]: 116: Hoare triple {6285#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {6285#false} is VALID [2022-02-20 18:00:30,786 INFO L290 TraceCheckUtils]: 117: Hoare triple {6285#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {6285#false} is VALID [2022-02-20 18:00:30,786 INFO L290 TraceCheckUtils]: 118: Hoare triple {6285#false} assume !false; {6285#false} is VALID [2022-02-20 18:00:30,786 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2022-02-20 18:00:30,786 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:30,786 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [706851011] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:30,786 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:00:30,786 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [8] total 11 [2022-02-20 18:00:30,786 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2125863296] [2022-02-20 18:00:30,786 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:30,787 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 19.75) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 119 [2022-02-20 18:00:30,787 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:30,787 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 19.75) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:30,865 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:30,865 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:00:30,866 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:30,880 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 18:00:30,880 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:00:30,880 INFO L87 Difference]: Start difference. First operand 313 states and 478 transitions. Second operand has 5 states, 4 states have (on average 19.75) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:31,520 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:31,520 INFO L93 Difference]: Finished difference Result 617 states and 946 transitions. [2022-02-20 18:00:31,520 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:00:31,521 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 19.75) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 119 [2022-02-20 18:00:31,521 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:31,522 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 19.75) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:31,527 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 790 transitions. 
[2022-02-20 18:00:31,543 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 19.75) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:31,548 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 790 transitions. [2022-02-20 18:00:31,549 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 790 transitions. [2022-02-20 18:00:32,055 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 790 edges. 790 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:32,061 INFO L225 Difference]: With dead ends: 617 [2022-02-20 18:00:32,061 INFO L226 Difference]: Without dead ends: 315 [2022-02-20 18:00:32,062 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 151 GetRequests, 141 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=26, Invalid=106, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:00:32,064 INFO L933 BasicCegarLoop]: 391 mSDtfsCounter, 117 mSDsluCounter, 1037 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 137 SdHoareTripleChecker+Valid, 1428 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:32,067 INFO 
L934 BasicCegarLoop]: SdHoareTripleChecker [137 Valid, 1428 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:00:32,068 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 315 states. [2022-02-20 18:00:32,114 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 315 to 315. [2022-02-20 18:00:32,114 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:32,115 INFO L82 GeneralOperation]: Start isEquivalent. First operand 315 states. Second operand has 315 states, 242 states have (on average 1.537190082644628) internal successors, (372), 246 states have internal predecessors, (372), 54 states have call successors, (54), 17 states have call predecessors, (54), 18 states have return successors, (55), 53 states have call predecessors, (55), 53 states have call successors, (55) [2022-02-20 18:00:32,115 INFO L74 IsIncluded]: Start isIncluded. First operand 315 states. Second operand has 315 states, 242 states have (on average 1.537190082644628) internal successors, (372), 246 states have internal predecessors, (372), 54 states have call successors, (54), 17 states have call predecessors, (54), 18 states have return successors, (55), 53 states have call predecessors, (55), 53 states have call successors, (55) [2022-02-20 18:00:32,116 INFO L87 Difference]: Start difference. First operand 315 states. Second operand has 315 states, 242 states have (on average 1.537190082644628) internal successors, (372), 246 states have internal predecessors, (372), 54 states have call successors, (54), 17 states have call predecessors, (54), 18 states have return successors, (55), 53 states have call predecessors, (55), 53 states have call successors, (55) [2022-02-20 18:00:32,122 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:00:32,123 INFO L93 Difference]: Finished difference Result 315 states and 481 transitions. [2022-02-20 18:00:32,123 INFO L276 IsEmpty]: Start isEmpty. Operand 315 states and 481 transitions. [2022-02-20 18:00:32,124 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:32,124 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:32,124 INFO L74 IsIncluded]: Start isIncluded. First operand has 315 states, 242 states have (on average 1.537190082644628) internal successors, (372), 246 states have internal predecessors, (372), 54 states have call successors, (54), 17 states have call predecessors, (54), 18 states have return successors, (55), 53 states have call predecessors, (55), 53 states have call successors, (55) Second operand 315 states. [2022-02-20 18:00:32,125 INFO L87 Difference]: Start difference. First operand has 315 states, 242 states have (on average 1.537190082644628) internal successors, (372), 246 states have internal predecessors, (372), 54 states have call successors, (54), 17 states have call predecessors, (54), 18 states have return successors, (55), 53 states have call predecessors, (55), 53 states have call successors, (55) Second operand 315 states. [2022-02-20 18:00:32,131 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:32,132 INFO L93 Difference]: Finished difference Result 315 states and 481 transitions. [2022-02-20 18:00:32,132 INFO L276 IsEmpty]: Start isEmpty. Operand 315 states and 481 transitions. [2022-02-20 18:00:32,132 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:32,132 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:32,132 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:32,132 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:32,133 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 315 states, 242 states have (on average 1.537190082644628) internal successors, (372), 246 states have internal predecessors, (372), 54 states have call successors, (54), 17 states have call predecessors, (54), 18 states have return successors, (55), 53 states have call predecessors, (55), 53 states have call successors, (55) [2022-02-20 18:00:32,141 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 315 states to 315 states and 481 transitions. [2022-02-20 18:00:32,141 INFO L78 Accepts]: Start accepts. Automaton has 315 states and 481 transitions. Word has length 119 [2022-02-20 18:00:32,141 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:32,141 INFO L470 AbstractCegarLoop]: Abstraction has 315 states and 481 transitions. [2022-02-20 18:00:32,141 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 19.75) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:32,141 INFO L276 IsEmpty]: Start isEmpty. Operand 315 states and 481 transitions. [2022-02-20 18:00:32,142 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 121 [2022-02-20 18:00:32,142 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:32,143 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:32,181 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:00:32,361 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:32,361 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:32,361 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:32,361 INFO L85 PathProgramCache]: Analyzing trace with hash -1757606202, now seen corresponding path program 1 times [2022-02-20 18:00:32,361 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:32,361 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1683874654] [2022-02-20 18:00:32,361 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:32,361 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:32,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,412 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 6 [2022-02-20 18:00:32,413 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,415 INFO L290 TraceCheckUtils]: 0: Hoare triple {8723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,415 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,415 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,415 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8662#true} #829#return; {8662#true} is VALID [2022-02-20 18:00:32,420 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:32,421 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,423 INFO L290 TraceCheckUtils]: 0: Hoare triple {8724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,423 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,423 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,423 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8662#true} #831#return; {8662#true} is VALID [2022-02-20 18:00:32,423 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:32,425 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {8723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:32,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {8725#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {8725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:32,438 INFO L290 TraceCheckUtils]: 2: Hoare triple {8725#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8726#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:32,438 INFO L290 TraceCheckUtils]: 3: Hoare triple {8726#(= 2 |setClientId_#in~handle|)} assume true; {8726#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:32,438 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8726#(= 2 |setClientId_#in~handle|)} {8672#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #833#return; {8678#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:00:32,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:32,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,454 INFO L290 TraceCheckUtils]: 0: Hoare triple {8724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8727#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:32,454 INFO L290 
TraceCheckUtils]: 1: Hoare triple {8727#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8728#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:32,455 INFO L290 TraceCheckUtils]: 2: Hoare triple {8728#(= |setClientPrivateKey_#in~handle| 1)} assume true; {8728#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:32,455 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8728#(= |setClientPrivateKey_#in~handle| 1)} {8678#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #835#return; {8663#false} is VALID [2022-02-20 18:00:32,455 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:00:32,456 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,458 INFO L290 TraceCheckUtils]: 0: Hoare triple {8723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,458 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,458 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,458 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #837#return; {8663#false} is VALID [2022-02-20 18:00:32,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:00:32,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,462 INFO L290 TraceCheckUtils]: 0: Hoare triple {8724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) 
(= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,462 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,462 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,462 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #839#return; {8663#false} is VALID [2022-02-20 18:00:32,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:00:32,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,472 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,472 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,472 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,472 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #825#return; {8663#false} is VALID [2022-02-20 18:00:32,472 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:00:32,473 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,474 INFO L290 TraceCheckUtils]: 0: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~30; {8662#true} is VALID [2022-02-20 18:00:32,474 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {8662#true} is VALID [2022-02-20 18:00:32,474 INFO L290 
TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,474 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #787#return; {8663#false} is VALID [2022-02-20 18:00:32,474 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:00:32,475 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,478 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,478 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,478 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,478 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #793#return; {8663#false} is VALID [2022-02-20 18:00:32,478 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:00:32,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,481 INFO L290 TraceCheckUtils]: 0: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~33; {8662#true} is VALID [2022-02-20 18:00:32,481 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {8662#true} is VALID [2022-02-20 18:00:32,481 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,481 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #795#return; {8663#false} is VALID [2022-02-20 18:00:32,481 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 93 [2022-02-20 18:00:32,481 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~30; {8662#true} is VALID [2022-02-20 18:00:32,485 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {8662#true} is VALID [2022-02-20 18:00:32,485 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,485 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #797#return; {8663#false} is VALID [2022-02-20 18:00:32,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:00:32,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,495 INFO L290 TraceCheckUtils]: 0: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~19; {8662#true} is VALID [2022-02-20 18:00:32,495 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {8662#true} is VALID [2022-02-20 18:00:32,495 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,495 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #799#return; {8663#false} is VALID [2022-02-20 18:00:32,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:00:32,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,498 INFO L290 TraceCheckUtils]: 0: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~34; {8662#true} is VALID [2022-02-20 18:00:32,498 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res 
:= ~retValue_acc~34; {8662#true} is VALID [2022-02-20 18:00:32,498 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,498 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #801#return; {8663#false} is VALID [2022-02-20 18:00:32,498 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:00:32,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {8662#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {8662#true} is VALID [2022-02-20 18:00:32,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {8662#true} is VALID [2022-02-20 18:00:32,500 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,500 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8662#true} {8663#false} #803#return; {8663#false} is VALID [2022-02-20 18:00:32,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {8662#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call 
#Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 
0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 
0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {8662#true} is VALID [2022-02-20 18:00:32,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {8662#true} is VALID [2022-02-20 18:00:32,500 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8662#true} is VALID [2022-02-20 18:00:32,500 INFO L290 TraceCheckUtils]: 3: Hoare triple {8662#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {8662#true} is VALID [2022-02-20 18:00:32,500 INFO L290 TraceCheckUtils]: 4: Hoare triple {8662#true} 
main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {8662#true} is VALID [2022-02-20 18:00:32,501 INFO L290 TraceCheckUtils]: 5: Hoare triple {8662#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8662#true} is VALID [2022-02-20 18:00:32,501 INFO L272 TraceCheckUtils]: 6: Hoare triple {8662#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:32,501 INFO L290 TraceCheckUtils]: 7: Hoare triple {8723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,501 INFO L290 
TraceCheckUtils]: 8: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,501 INFO L290 TraceCheckUtils]: 9: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,502 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8662#true} {8662#true} #829#return; {8662#true} is VALID [2022-02-20 18:00:32,502 INFO L290 TraceCheckUtils]: 11: Hoare triple {8662#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8662#true} is VALID [2022-02-20 18:00:32,502 INFO L272 TraceCheckUtils]: 12: Hoare triple {8662#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:32,502 INFO L290 TraceCheckUtils]: 13: Hoare triple {8724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,502 INFO L290 TraceCheckUtils]: 14: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,503 INFO L290 TraceCheckUtils]: 15: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,503 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8662#true} {8662#true} #831#return; {8662#true} is VALID [2022-02-20 18:00:32,503 INFO L290 TraceCheckUtils]: 17: Hoare triple {8662#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8672#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:00:32,504 INFO L272 TraceCheckUtils]: 18: Hoare triple {8672#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:32,504 INFO L290 TraceCheckUtils]: 19: Hoare triple {8723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:32,504 INFO L290 TraceCheckUtils]: 20: Hoare triple {8725#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {8725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:32,504 INFO L290 TraceCheckUtils]: 21: Hoare triple {8725#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8726#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:32,505 INFO L290 TraceCheckUtils]: 22: Hoare triple {8726#(= 2 |setClientId_#in~handle|)} assume true; {8726#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:32,505 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {8726#(= 2 |setClientId_#in~handle|)} {8672#(= 
|ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #833#return; {8678#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:00:32,506 INFO L290 TraceCheckUtils]: 24: Hoare triple {8678#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {8678#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:00:32,506 INFO L272 TraceCheckUtils]: 25: Hoare triple {8678#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:32,506 INFO L290 TraceCheckUtils]: 26: Hoare triple {8724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8727#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:32,507 INFO L290 TraceCheckUtils]: 27: Hoare triple {8727#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8728#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:32,507 INFO L290 TraceCheckUtils]: 28: Hoare triple {8728#(= |setClientPrivateKey_#in~handle| 1)} assume true; {8728#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:32,507 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {8728#(= |setClientPrivateKey_#in~handle| 1)} {8678#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #835#return; {8663#false} is VALID [2022-02-20 18:00:32,507 INFO L290 TraceCheckUtils]: 30: Hoare triple {8663#false} assume { :end_inline_setup_rjh } 
true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8663#false} is VALID [2022-02-20 18:00:32,508 INFO L272 TraceCheckUtils]: 31: Hoare triple {8663#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:32,508 INFO L290 TraceCheckUtils]: 32: Hoare triple {8723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,508 INFO L290 TraceCheckUtils]: 33: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,508 INFO L290 TraceCheckUtils]: 34: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,508 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {8662#true} {8663#false} #837#return; {8663#false} is VALID [2022-02-20 18:00:32,508 INFO L290 TraceCheckUtils]: 36: Hoare triple {8663#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8663#false} is VALID [2022-02-20 18:00:32,508 INFO L272 TraceCheckUtils]: 37: Hoare triple {8663#false} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:32,508 INFO L290 TraceCheckUtils]: 38: Hoare triple {8724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,508 INFO L290 TraceCheckUtils]: 39: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,509 INFO L290 TraceCheckUtils]: 40: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,509 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8662#true} {8663#false} #839#return; {8663#false} is VALID [2022-02-20 18:00:32,509 INFO L290 TraceCheckUtils]: 42: Hoare triple {8663#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {8663#false} is VALID [2022-02-20 18:00:32,509 INFO L290 TraceCheckUtils]: 43: Hoare triple {8663#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, 
test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8663#false} is VALID [2022-02-20 18:00:32,509 INFO L290 TraceCheckUtils]: 44: Hoare triple {8663#false} assume !false; {8663#false} is VALID [2022-02-20 18:00:32,509 INFO L290 TraceCheckUtils]: 45: Hoare triple {8663#false} assume test_~splverifierCounter~0#1 < 4; {8663#false} is VALID [2022-02-20 18:00:32,509 INFO L290 TraceCheckUtils]: 46: Hoare triple {8663#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8663#false} is VALID [2022-02-20 18:00:32,509 INFO L290 TraceCheckUtils]: 47: Hoare triple {8663#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {8663#false} is VALID [2022-02-20 18:00:32,509 INFO L290 TraceCheckUtils]: 48: Hoare triple {8663#false} assume !(0 != test_~tmp___9~0#1); {8663#false} is VALID [2022-02-20 18:00:32,510 INFO L290 TraceCheckUtils]: 49: Hoare triple {8663#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {8663#false} is VALID [2022-02-20 18:00:32,510 INFO 
L290 TraceCheckUtils]: 50: Hoare triple {8663#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {8663#false} is VALID [2022-02-20 18:00:32,510 INFO L290 TraceCheckUtils]: 51: Hoare triple {8663#false} assume !false; {8663#false} is VALID [2022-02-20 18:00:32,510 INFO L290 TraceCheckUtils]: 52: Hoare triple {8663#false} assume !(test_~splverifierCounter~0#1 < 4); {8663#false} is VALID [2022-02-20 18:00:32,510 INFO L290 TraceCheckUtils]: 53: Hoare triple {8663#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {8663#false} is VALID [2022-02-20 18:00:32,510 INFO L272 TraceCheckUtils]: 54: Hoare triple {8663#false} call sendEmail(~bob~0, ~rjh~0); {8663#false} is VALID [2022-02-20 18:00:32,510 INFO L290 TraceCheckUtils]: 55: Hoare triple {8663#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8663#false} is VALID [2022-02-20 18:00:32,510 INFO L272 TraceCheckUtils]: 56: Hoare triple {8663#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:32,510 INFO L290 TraceCheckUtils]: 57: Hoare triple 
{8729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,510 INFO L290 TraceCheckUtils]: 58: Hoare triple {8662#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,511 INFO L290 TraceCheckUtils]: 59: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,511 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {8662#true} {8663#false} #825#return; {8663#false} is VALID [2022-02-20 18:00:32,511 INFO L290 TraceCheckUtils]: 61: Hoare triple {8663#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {8663#false} is VALID [2022-02-20 18:00:32,511 INFO L290 TraceCheckUtils]: 62: Hoare triple {8663#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {8663#false} is VALID [2022-02-20 18:00:32,511 INFO L290 TraceCheckUtils]: 63: Hoare triple {8663#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {8663#false} is VALID [2022-02-20 18:00:32,511 INFO L290 TraceCheckUtils]: 64: Hoare triple {8663#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {8663#false} is VALID [2022-02-20 18:00:32,511 INFO L272 TraceCheckUtils]: 65: Hoare triple {8663#false} call outgoing(~sender#1, ~email~0#1); {8663#false} is VALID [2022-02-20 18:00:32,511 INFO L290 TraceCheckUtils]: 66: Hoare triple {8663#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc 
~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {8663#false} is VALID [2022-02-20 18:00:32,511 INFO L272 TraceCheckUtils]: 67: Hoare triple {8663#false} call #t~ret67#1 := getEmailTo(~msg#1); {8662#true} is VALID [2022-02-20 18:00:32,512 INFO L290 TraceCheckUtils]: 68: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~30; {8662#true} is VALID [2022-02-20 18:00:32,512 INFO L290 TraceCheckUtils]: 69: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {8662#true} is VALID [2022-02-20 18:00:32,512 INFO L290 TraceCheckUtils]: 70: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,512 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {8662#true} {8663#false} #787#return; {8663#false} is VALID [2022-02-20 18:00:32,512 INFO L290 TraceCheckUtils]: 72: Hoare triple {8663#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {8663#false} is VALID [2022-02-20 18:00:32,512 INFO L290 TraceCheckUtils]: 73: Hoare triple {8663#false} assume 1 == findPublicKey_~handle#1; {8663#false} is VALID [2022-02-20 18:00:32,512 INFO L290 TraceCheckUtils]: 74: Hoare triple {8663#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {8663#false} is VALID [2022-02-20 18:00:32,512 INFO L290 TraceCheckUtils]: 75: Hoare triple {8663#false} #t~ret68#1 := 
findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {8663#false} is VALID [2022-02-20 18:00:32,512 INFO L290 TraceCheckUtils]: 76: Hoare triple {8663#false} assume !(0 != ~pubkey~0#1); {8663#false} is VALID [2022-02-20 18:00:32,513 INFO L290 TraceCheckUtils]: 77: Hoare triple {8663#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {8663#false} is VALID [2022-02-20 18:00:32,513 INFO L290 TraceCheckUtils]: 78: Hoare triple {8663#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {8663#false} is VALID [2022-02-20 18:00:32,513 INFO L290 TraceCheckUtils]: 79: Hoare triple {8663#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {8663#false} is VALID [2022-02-20 18:00:32,513 INFO L272 TraceCheckUtils]: 80: Hoare triple {8663#false} call 
setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {8729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:32,513 INFO L290 TraceCheckUtils]: 81: Hoare triple {8729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:32,513 INFO L290 TraceCheckUtils]: 82: Hoare triple {8662#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:32,513 INFO L290 TraceCheckUtils]: 83: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,513 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {8662#true} {8663#false} #793#return; {8663#false} is VALID [2022-02-20 18:00:32,513 INFO L290 TraceCheckUtils]: 85: Hoare triple {8663#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {8663#false} is VALID [2022-02-20 18:00:32,513 INFO L272 TraceCheckUtils]: 86: Hoare triple {8663#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {8662#true} is VALID [2022-02-20 18:00:32,514 INFO L290 TraceCheckUtils]: 87: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~33; {8662#true} is VALID [2022-02-20 18:00:32,514 INFO L290 TraceCheckUtils]: 88: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {8662#true} is VALID [2022-02-20 18:00:32,514 INFO L290 TraceCheckUtils]: 89: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,514 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {8662#true} {8663#false} #795#return; {8663#false} is VALID [2022-02-20 18:00:32,514 INFO L290 TraceCheckUtils]: 91: Hoare triple {8663#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {8663#false} is VALID [2022-02-20 18:00:32,514 INFO L290 TraceCheckUtils]: 92: Hoare triple {8663#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {8663#false} is VALID [2022-02-20 18:00:32,514 
INFO L272 TraceCheckUtils]: 93: Hoare triple {8663#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {8662#true} is VALID [2022-02-20 18:00:32,514 INFO L290 TraceCheckUtils]: 94: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~30; {8662#true} is VALID [2022-02-20 18:00:32,514 INFO L290 TraceCheckUtils]: 95: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {8662#true} is VALID [2022-02-20 18:00:32,515 INFO L290 TraceCheckUtils]: 96: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,515 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8662#true} {8663#false} #797#return; {8663#false} is VALID [2022-02-20 18:00:32,515 INFO L290 TraceCheckUtils]: 98: Hoare triple {8663#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {8663#false} is VALID [2022-02-20 18:00:32,515 INFO L290 TraceCheckUtils]: 99: Hoare triple {8663#false} assume 1 == ~sent_encrypted~0; {8663#false} is VALID [2022-02-20 18:00:32,515 INFO L272 TraceCheckUtils]: 100: Hoare triple {8663#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {8662#true} is VALID [2022-02-20 18:00:32,515 INFO L290 TraceCheckUtils]: 101: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~19; 
{8662#true} is VALID [2022-02-20 18:00:32,515 INFO L290 TraceCheckUtils]: 102: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {8662#true} is VALID [2022-02-20 18:00:32,515 INFO L290 TraceCheckUtils]: 103: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,515 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {8662#true} {8663#false} #799#return; {8663#false} is VALID [2022-02-20 18:00:32,516 INFO L290 TraceCheckUtils]: 105: Hoare triple {8663#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {8663#false} is VALID [2022-02-20 18:00:32,516 INFO L272 TraceCheckUtils]: 106: Hoare triple {8663#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {8662#true} is VALID [2022-02-20 18:00:32,516 INFO L290 TraceCheckUtils]: 107: Hoare triple {8662#true} ~handle := #in~handle;havoc ~retValue_acc~34; {8662#true} is VALID [2022-02-20 18:00:32,516 INFO L290 TraceCheckUtils]: 108: Hoare triple {8662#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {8662#true} is VALID [2022-02-20 18:00:32,516 INFO L290 TraceCheckUtils]: 109: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,516 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {8662#true} {8663#false} #801#return; {8663#false} is VALID [2022-02-20 18:00:32,516 INFO L290 TraceCheckUtils]: 111: Hoare triple {8663#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {8663#false} is VALID [2022-02-20 18:00:32,516 INFO L272 TraceCheckUtils]: 112: Hoare triple {8663#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {8662#true} is VALID [2022-02-20 18:00:32,516 INFO L290 TraceCheckUtils]: 113: Hoare triple {8662#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {8662#true} is VALID [2022-02-20 18:00:32,516 INFO L290 TraceCheckUtils]: 114: Hoare triple {8662#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {8662#true} is VALID [2022-02-20 18:00:32,517 INFO L290 TraceCheckUtils]: 115: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:32,517 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {8662#true} {8663#false} #803#return; {8663#false} is VALID [2022-02-20 18:00:32,517 INFO L290 TraceCheckUtils]: 117: Hoare triple {8663#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {8663#false} is VALID [2022-02-20 18:00:32,517 INFO L290 TraceCheckUtils]: 118: Hoare triple {8663#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {8663#false} is VALID [2022-02-20 18:00:32,517 INFO L290 TraceCheckUtils]: 119: Hoare triple {8663#false} assume !false; {8663#false} is VALID [2022-02-20 18:00:32,517 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:00:32,517 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:32,518 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1683874654] [2022-02-20 18:00:32,518 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1683874654] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:32,518 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [46632075] [2022-02-20 18:00:32,518 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:32,518 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:32,518 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:32,531 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:32,532 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:00:32,797 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,801 INFO L263 TraceCheckSpWp]: Trace formula consists of 1048 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:00:32,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:32,838 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:00:33,090 INFO L290 TraceCheckUtils]: 0: Hoare triple {8662#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {8662#true} is VALID [2022-02-20 18:00:33,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {8662#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc 
main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {8662#true} is VALID [2022-02-20 18:00:33,090 INFO L290 TraceCheckUtils]: 2: Hoare triple {8662#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8662#true} is VALID [2022-02-20 18:00:33,091 INFO L290 TraceCheckUtils]: 3: Hoare triple {8662#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {8662#true} is VALID [2022-02-20 18:00:33,091 INFO L290 TraceCheckUtils]: 4: Hoare triple {8662#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {8662#true} is VALID [2022-02-20 18:00:33,091 INFO L290 TraceCheckUtils]: 5: Hoare triple {8662#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8662#true} is VALID [2022-02-20 18:00:33,091 INFO 
L272 TraceCheckUtils]: 6: Hoare triple {8662#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8662#true} is VALID [2022-02-20 18:00:33,091 INFO L290 TraceCheckUtils]: 7: Hoare triple {8662#true} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:33,091 INFO L290 TraceCheckUtils]: 8: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:33,091 INFO L290 TraceCheckUtils]: 9: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:33,091 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8662#true} {8662#true} #829#return; {8662#true} is VALID [2022-02-20 18:00:33,092 INFO L290 TraceCheckUtils]: 11: Hoare triple {8662#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8662#true} is VALID [2022-02-20 18:00:33,092 INFO L272 TraceCheckUtils]: 12: Hoare triple {8662#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8662#true} is VALID [2022-02-20 18:00:33,092 INFO L290 TraceCheckUtils]: 13: Hoare triple {8662#true} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:33,092 INFO L290 TraceCheckUtils]: 14: Hoare triple {8662#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:33,092 INFO L290 TraceCheckUtils]: 15: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:33,092 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8662#true} {8662#true} #831#return; {8662#true} is VALID [2022-02-20 18:00:33,093 INFO L290 TraceCheckUtils]: 17: Hoare triple {8662#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8784#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:00:33,093 INFO L272 TraceCheckUtils]: 18: Hoare triple {8784#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8662#true} is VALID [2022-02-20 18:00:33,093 INFO L290 TraceCheckUtils]: 19: Hoare triple {8662#true} ~handle := #in~handle;~value := #in~value; {8662#true} is VALID [2022-02-20 18:00:33,094 INFO L290 TraceCheckUtils]: 20: Hoare triple {8662#true} assume !(1 == ~handle); {8662#true} is VALID [2022-02-20 18:00:33,094 INFO L290 TraceCheckUtils]: 21: Hoare triple {8662#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8662#true} is VALID [2022-02-20 18:00:33,094 INFO L290 TraceCheckUtils]: 22: Hoare triple {8662#true} assume true; {8662#true} is VALID [2022-02-20 18:00:33,096 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {8662#true} {8784#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #833#return; {8784#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:00:33,096 INFO L290 TraceCheckUtils]: 24: Hoare triple {8784#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {8784#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:00:33,097 INFO L272 TraceCheckUtils]: 25: Hoare triple {8784#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8662#true} is VALID [2022-02-20 18:00:33,097 INFO L290 TraceCheckUtils]: 26: Hoare triple {8662#true} ~handle := #in~handle;~value := #in~value; {8812#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:00:33,099 INFO L290 TraceCheckUtils]: 27: Hoare triple 
{8812#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8816#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:33,100 INFO L290 TraceCheckUtils]: 28: Hoare triple {8816#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {8816#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:33,100 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {8816#(<= |setClientPrivateKey_#in~handle| 1)} {8784#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #835#return; {8663#false} is VALID [2022-02-20 18:00:33,100 INFO L290 TraceCheckUtils]: 30: Hoare triple {8663#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8663#false} is VALID [2022-02-20 18:00:33,100 INFO L272 TraceCheckUtils]: 31: Hoare triple {8663#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8663#false} is VALID [2022-02-20 18:00:33,100 INFO L290 TraceCheckUtils]: 32: Hoare triple {8663#false} ~handle := #in~handle;~value := #in~value; {8663#false} is VALID [2022-02-20 18:00:33,101 INFO L290 TraceCheckUtils]: 33: Hoare triple {8663#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8663#false} is VALID [2022-02-20 18:00:33,101 INFO L290 TraceCheckUtils]: 34: Hoare triple {8663#false} assume true; {8663#false} is VALID [2022-02-20 18:00:33,101 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {8663#false} {8663#false} 
#837#return; {8663#false} is VALID [2022-02-20 18:00:33,101 INFO L290 TraceCheckUtils]: 36: Hoare triple {8663#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8663#false} is VALID [2022-02-20 18:00:33,101 INFO L272 TraceCheckUtils]: 37: Hoare triple {8663#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8663#false} is VALID [2022-02-20 18:00:33,101 INFO L290 TraceCheckUtils]: 38: Hoare triple {8663#false} ~handle := #in~handle;~value := #in~value; {8663#false} is VALID [2022-02-20 18:00:33,101 INFO L290 TraceCheckUtils]: 39: Hoare triple {8663#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8663#false} is VALID [2022-02-20 18:00:33,101 INFO L290 TraceCheckUtils]: 40: Hoare triple {8663#false} assume true; {8663#false} is VALID [2022-02-20 18:00:33,101 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8663#false} {8663#false} #839#return; {8663#false} is VALID [2022-02-20 18:00:33,102 INFO L290 TraceCheckUtils]: 42: Hoare triple {8663#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {8663#false} is VALID [2022-02-20 18:00:33,102 INFO L290 TraceCheckUtils]: 43: Hoare triple {8663#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc 
test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8663#false} is VALID [2022-02-20 18:00:33,102 INFO L290 TraceCheckUtils]: 44: Hoare triple {8663#false} assume !false; {8663#false} is VALID [2022-02-20 18:00:33,102 INFO L290 TraceCheckUtils]: 45: Hoare triple {8663#false} assume test_~splverifierCounter~0#1 < 4; {8663#false} is VALID [2022-02-20 18:00:33,102 INFO L290 TraceCheckUtils]: 46: Hoare triple {8663#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8663#false} is VALID [2022-02-20 18:00:33,102 INFO L290 TraceCheckUtils]: 47: Hoare triple {8663#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {8663#false} is VALID [2022-02-20 18:00:33,102 INFO L290 TraceCheckUtils]: 48: Hoare triple {8663#false} assume !(0 != test_~tmp___9~0#1); {8663#false} is VALID [2022-02-20 18:00:33,102 INFO L290 TraceCheckUtils]: 49: Hoare triple {8663#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {8663#false} is VALID [2022-02-20 18:00:33,102 INFO L290 TraceCheckUtils]: 50: Hoare triple {8663#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; 
{8663#false} is VALID [2022-02-20 18:00:33,103 INFO L290 TraceCheckUtils]: 51: Hoare triple {8663#false} assume !false; {8663#false} is VALID [2022-02-20 18:00:33,103 INFO L290 TraceCheckUtils]: 52: Hoare triple {8663#false} assume !(test_~splverifierCounter~0#1 < 4); {8663#false} is VALID [2022-02-20 18:00:33,103 INFO L290 TraceCheckUtils]: 53: Hoare triple {8663#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {8663#false} is VALID [2022-02-20 18:00:33,103 INFO L272 TraceCheckUtils]: 54: Hoare triple {8663#false} call sendEmail(~bob~0, ~rjh~0); {8663#false} is VALID [2022-02-20 18:00:33,103 INFO L290 TraceCheckUtils]: 55: Hoare triple {8663#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8663#false} is VALID [2022-02-20 18:00:33,103 INFO L272 TraceCheckUtils]: 56: Hoare triple {8663#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8663#false} is VALID [2022-02-20 18:00:33,103 INFO L290 TraceCheckUtils]: 57: Hoare triple {8663#false} ~handle := #in~handle;~value := #in~value; {8663#false} is VALID [2022-02-20 18:00:33,103 INFO L290 TraceCheckUtils]: 58: Hoare triple {8663#false} assume 1 == ~handle;~__ste_email_from0~0 := 
~value; {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L290 TraceCheckUtils]: 59: Hoare triple {8663#false} assume true; {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {8663#false} {8663#false} #825#return; {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L290 TraceCheckUtils]: 61: Hoare triple {8663#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L290 TraceCheckUtils]: 62: Hoare triple {8663#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L290 TraceCheckUtils]: 63: Hoare triple {8663#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L290 TraceCheckUtils]: 64: Hoare triple {8663#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L272 TraceCheckUtils]: 65: Hoare triple {8663#false} call outgoing(~sender#1, ~email~0#1); {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L290 TraceCheckUtils]: 66: Hoare triple {8663#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L272 TraceCheckUtils]: 67: Hoare triple {8663#false} call #t~ret67#1 := getEmailTo(~msg#1); {8663#false} is VALID [2022-02-20 18:00:33,104 INFO L290 TraceCheckUtils]: 68: Hoare triple {8663#false} 
~handle := #in~handle;havoc ~retValue_acc~30; {8663#false} is VALID [2022-02-20 18:00:33,105 INFO L290 TraceCheckUtils]: 69: Hoare triple {8663#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {8663#false} is VALID [2022-02-20 18:00:33,105 INFO L290 TraceCheckUtils]: 70: Hoare triple {8663#false} assume true; {8663#false} is VALID [2022-02-20 18:00:33,105 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {8663#false} {8663#false} #787#return; {8663#false} is VALID [2022-02-20 18:00:33,105 INFO L290 TraceCheckUtils]: 72: Hoare triple {8663#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {8663#false} is VALID [2022-02-20 18:00:33,105 INFO L290 TraceCheckUtils]: 73: Hoare triple {8663#false} assume 1 == findPublicKey_~handle#1; {8663#false} is VALID [2022-02-20 18:00:33,105 INFO L290 TraceCheckUtils]: 74: Hoare triple {8663#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {8663#false} is VALID [2022-02-20 18:00:33,105 INFO L290 TraceCheckUtils]: 75: Hoare triple {8663#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {8663#false} is VALID [2022-02-20 18:00:33,105 INFO L290 TraceCheckUtils]: 76: Hoare triple {8663#false} assume !(0 != 
~pubkey~0#1); {8663#false} is VALID [2022-02-20 18:00:33,106 INFO L290 TraceCheckUtils]: 77: Hoare triple {8663#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {8663#false} is VALID [2022-02-20 18:00:33,106 INFO L290 TraceCheckUtils]: 78: Hoare triple {8663#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {8663#false} is VALID [2022-02-20 18:00:33,106 INFO L290 TraceCheckUtils]: 79: Hoare triple {8663#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {8663#false} is VALID [2022-02-20 18:00:33,106 INFO L272 TraceCheckUtils]: 80: Hoare triple {8663#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {8663#false} is VALID [2022-02-20 18:00:33,106 INFO L290 TraceCheckUtils]: 81: Hoare triple {8663#false} ~handle := #in~handle;~value := #in~value; {8663#false} is VALID [2022-02-20 18:00:33,106 INFO L290 TraceCheckUtils]: 82: Hoare triple {8663#false} assume 1 
== ~handle;~__ste_email_from0~0 := ~value; {8663#false} is VALID [2022-02-20 18:00:33,106 INFO L290 TraceCheckUtils]: 83: Hoare triple {8663#false} assume true; {8663#false} is VALID [2022-02-20 18:00:33,106 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {8663#false} {8663#false} #793#return; {8663#false} is VALID [2022-02-20 18:00:33,106 INFO L290 TraceCheckUtils]: 85: Hoare triple {8663#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {8663#false} is VALID [2022-02-20 18:00:33,107 INFO L272 TraceCheckUtils]: 86: Hoare triple {8663#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {8663#false} is VALID [2022-02-20 18:00:33,107 INFO L290 
TraceCheckUtils]: 87: Hoare triple {8663#false} ~handle := #in~handle;havoc ~retValue_acc~33; {8663#false} is VALID [2022-02-20 18:00:33,107 INFO L290 TraceCheckUtils]: 88: Hoare triple {8663#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {8663#false} is VALID [2022-02-20 18:00:33,107 INFO L290 TraceCheckUtils]: 89: Hoare triple {8663#false} assume true; {8663#false} is VALID [2022-02-20 18:00:33,107 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {8663#false} {8663#false} #795#return; {8663#false} is VALID [2022-02-20 18:00:33,107 INFO L290 TraceCheckUtils]: 91: Hoare triple {8663#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {8663#false} is VALID [2022-02-20 18:00:33,107 INFO L290 TraceCheckUtils]: 92: Hoare triple {8663#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {8663#false} is VALID [2022-02-20 18:00:33,107 INFO L272 TraceCheckUtils]: 93: Hoare triple {8663#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {8663#false} is VALID [2022-02-20 18:00:33,107 INFO L290 TraceCheckUtils]: 94: Hoare triple {8663#false} ~handle := #in~handle;havoc ~retValue_acc~30; {8663#false} is VALID [2022-02-20 18:00:33,108 INFO L290 TraceCheckUtils]: 95: Hoare triple {8663#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {8663#false} is VALID [2022-02-20 18:00:33,108 INFO L290 TraceCheckUtils]: 96: Hoare triple {8663#false} assume true; 
{8663#false} is VALID [2022-02-20 18:00:33,108 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8663#false} {8663#false} #797#return; {8663#false} is VALID [2022-02-20 18:00:33,108 INFO L290 TraceCheckUtils]: 98: Hoare triple {8663#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {8663#false} is VALID [2022-02-20 18:00:33,108 INFO L290 TraceCheckUtils]: 99: Hoare triple {8663#false} assume 1 == ~sent_encrypted~0; {8663#false} is VALID [2022-02-20 18:00:33,108 INFO L272 TraceCheckUtils]: 100: Hoare triple {8663#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {8663#false} is VALID [2022-02-20 18:00:33,108 INFO L290 TraceCheckUtils]: 101: Hoare triple {8663#false} ~handle := #in~handle;havoc ~retValue_acc~19; {8663#false} is VALID [2022-02-20 18:00:33,108 INFO L290 TraceCheckUtils]: 102: Hoare triple {8663#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {8663#false} is VALID [2022-02-20 18:00:33,108 INFO L290 TraceCheckUtils]: 103: Hoare triple {8663#false} assume true; {8663#false} is VALID [2022-02-20 18:00:33,109 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {8663#false} {8663#false} #799#return; {8663#false} is VALID [2022-02-20 18:00:33,109 INFO L290 TraceCheckUtils]: 
105: Hoare triple {8663#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {8663#false} is VALID [2022-02-20 18:00:33,109 INFO L272 TraceCheckUtils]: 106: Hoare triple {8663#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {8663#false} is VALID [2022-02-20 18:00:33,109 INFO L290 TraceCheckUtils]: 107: Hoare triple {8663#false} ~handle := #in~handle;havoc ~retValue_acc~34; {8663#false} is VALID [2022-02-20 18:00:33,109 INFO L290 TraceCheckUtils]: 108: Hoare triple {8663#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {8663#false} is VALID [2022-02-20 18:00:33,109 INFO L290 TraceCheckUtils]: 109: Hoare triple {8663#false} assume true; {8663#false} is VALID [2022-02-20 18:00:33,109 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {8663#false} {8663#false} #801#return; {8663#false} is VALID [2022-02-20 18:00:33,109 INFO L290 TraceCheckUtils]: 111: Hoare triple {8663#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {8663#false} is VALID [2022-02-20 18:00:33,109 INFO L272 TraceCheckUtils]: 112: Hoare triple {8663#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {8663#false} is VALID [2022-02-20 18:00:33,110 INFO L290 TraceCheckUtils]: 113: Hoare triple {8663#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc 
~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {8663#false} is VALID [2022-02-20 18:00:33,110 INFO L290 TraceCheckUtils]: 114: Hoare triple {8663#false} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {8663#false} is VALID [2022-02-20 18:00:33,110 INFO L290 TraceCheckUtils]: 115: Hoare triple {8663#false} assume true; {8663#false} is VALID [2022-02-20 18:00:33,110 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {8663#false} {8663#false} #803#return; {8663#false} is VALID [2022-02-20 18:00:33,110 INFO L290 TraceCheckUtils]: 117: Hoare triple {8663#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {8663#false} is VALID [2022-02-20 18:00:33,110 INFO L290 TraceCheckUtils]: 118: Hoare triple {8663#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {8663#false} is VALID [2022-02-20 18:00:33,110 INFO L290 TraceCheckUtils]: 119: Hoare triple {8663#false} assume !false; {8663#false} is VALID [2022-02-20 18:00:33,111 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2022-02-20 18:00:33,111 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:33,111 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [46632075] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:33,111 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:00:33,111 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [11] total 14 [2022-02-20 18:00:33,111 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [493011054] [2022-02-20 18:00:33,111 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:33,112 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.2) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) Word has length 120 [2022-02-20 18:00:33,112 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:33,112 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 16.2) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:33,182 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 111 edges. 111 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:33,183 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:00:33,183 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:33,183 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 18:00:33,183 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=28, Invalid=154, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:00:33,184 INFO L87 Difference]: Start difference. First operand 315 states and 481 transitions. Second operand has 5 states, 5 states have (on average 16.2) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:33,943 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:33,943 INFO L93 Difference]: Finished difference Result 619 states and 951 transitions. [2022-02-20 18:00:33,943 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:00:33,943 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.2) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) Word has length 120 [2022-02-20 18:00:33,943 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:33,944 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.2) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:33,949 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 789 transitions. 
[2022-02-20 18:00:33,949 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.2) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:33,954 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 789 transitions. [2022-02-20 18:00:33,954 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 789 transitions. [2022-02-20 18:00:34,424 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 789 edges. 789 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:34,431 INFO L225 Difference]: With dead ends: 619 [2022-02-20 18:00:34,431 INFO L226 Difference]: Without dead ends: 317 [2022-02-20 18:00:34,432 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 154 GetRequests, 141 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=178, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:00:34,433 INFO L933 BasicCegarLoop]: 389 mSDtfsCounter, 116 mSDsluCounter, 1028 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 136 SdHoareTripleChecker+Valid, 1417 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:34,433 INFO 
L934 BasicCegarLoop]: SdHoareTripleChecker [136 Valid, 1417 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:00:34,434 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 317 states. [2022-02-20 18:00:34,498 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 317 to 317. [2022-02-20 18:00:34,498 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:34,499 INFO L82 GeneralOperation]: Start isEquivalent. First operand 317 states. Second operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) [2022-02-20 18:00:34,499 INFO L74 IsIncluded]: Start isIncluded. First operand 317 states. Second operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) [2022-02-20 18:00:34,500 INFO L87 Difference]: Start difference. First operand 317 states. Second operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) [2022-02-20 18:00:34,508 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:00:34,508 INFO L93 Difference]: Finished difference Result 317 states and 487 transitions. [2022-02-20 18:00:34,508 INFO L276 IsEmpty]: Start isEmpty. Operand 317 states and 487 transitions. [2022-02-20 18:00:34,509 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:34,509 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:34,510 INFO L74 IsIncluded]: Start isIncluded. First operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) Second operand 317 states. [2022-02-20 18:00:34,510 INFO L87 Difference]: Start difference. First operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) Second operand 317 states. [2022-02-20 18:00:34,519 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:34,520 INFO L93 Difference]: Finished difference Result 317 states and 487 transitions. [2022-02-20 18:00:34,520 INFO L276 IsEmpty]: Start isEmpty. Operand 317 states and 487 transitions. [2022-02-20 18:00:34,521 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:34,521 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:34,521 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:34,521 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:34,522 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) [2022-02-20 18:00:34,531 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 317 states to 317 states and 487 transitions. [2022-02-20 18:00:34,531 INFO L78 Accepts]: Start accepts. Automaton has 317 states and 487 transitions. Word has length 120 [2022-02-20 18:00:34,531 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:34,532 INFO L470 AbstractCegarLoop]: Abstraction has 317 states and 487 transitions. [2022-02-20 18:00:34,532 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 16.2) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (16), 2 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:34,532 INFO L276 IsEmpty]: Start isEmpty. Operand 317 states and 487 transitions. [2022-02-20 18:00:34,535 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 122 [2022-02-20 18:00:34,535 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:34,535 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:34,553 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:00:34,751 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:34,752 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:34,752 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:34,752 INFO L85 PathProgramCache]: Analyzing trace with hash -957882069, now seen corresponding path program 1 times [2022-02-20 18:00:34,752 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:34,752 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2096086016] [2022-02-20 18:00:34,752 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:34,752 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:34,797 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 6 [2022-02-20 18:00:34,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,831 INFO L290 TraceCheckUtils]: 0: Hoare triple {11114#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,831 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,831 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,831 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11053#true} #829#return; {11053#true} is VALID [2022-02-20 18:00:34,836 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:34,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,841 INFO L290 TraceCheckUtils]: 0: Hoare triple {11115#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,841 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,841 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,841 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11053#true} #831#return; {11053#true} is VALID [2022-02-20 18:00:34,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:34,842 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,843 INFO L290 TraceCheckUtils]: 0: Hoare triple {11114#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,844 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume !(1 == ~handle); {11053#true} is VALID [2022-02-20 18:00:34,844 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,844 INFO L290 TraceCheckUtils]: 3: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,844 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11053#true} {11053#true} #833#return; {11053#true} is VALID [2022-02-20 18:00:34,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:34,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {11115#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,847 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume !(1 == ~handle); {11053#true} is VALID [2022-02-20 18:00:34,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,847 INFO L290 TraceCheckUtils]: 3: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,847 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11053#true} 
{11053#true} #835#return; {11053#true} is VALID [2022-02-20 18:00:34,847 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:34,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,860 INFO L290 TraceCheckUtils]: 0: Hoare triple {11114#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11116#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:34,861 INFO L290 TraceCheckUtils]: 1: Hoare triple {11116#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11117#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:34,861 INFO L290 TraceCheckUtils]: 2: Hoare triple {11117#(= |setClientId_#in~handle| 1)} assume true; {11117#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:34,861 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11117#(= |setClientId_#in~handle| 1)} {11073#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #837#return; {11054#false} is VALID [2022-02-20 18:00:34,862 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:00:34,863 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,865 INFO L290 TraceCheckUtils]: 0: Hoare triple {11115#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,865 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11053#true} is VALID 
[2022-02-20 18:00:34,865 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,865 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11054#false} #839#return; {11054#false} is VALID [2022-02-20 18:00:34,876 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:00:34,877 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,878 INFO L290 TraceCheckUtils]: 0: Hoare triple {11118#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,879 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,879 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,879 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11054#false} #825#return; {11054#false} is VALID [2022-02-20 18:00:34,879 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:00:34,880 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,881 INFO L290 TraceCheckUtils]: 0: Hoare triple {11053#true} ~handle := #in~handle;havoc ~retValue_acc~30; {11053#true} is VALID [2022-02-20 18:00:34,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {11053#true} is VALID [2022-02-20 18:00:34,881 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,881 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11054#false} #787#return; {11054#false} is VALID [2022-02-20 18:00:34,881 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 81 [2022-02-20 18:00:34,882 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {11118#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,884 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,884 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,884 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11054#false} #793#return; {11054#false} is VALID [2022-02-20 18:00:34,884 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:00:34,885 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,886 INFO L290 TraceCheckUtils]: 0: Hoare triple {11053#true} ~handle := #in~handle;havoc ~retValue_acc~33; {11053#true} is VALID [2022-02-20 18:00:34,887 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {11053#true} is VALID [2022-02-20 18:00:34,887 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,887 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11054#false} #795#return; {11054#false} is VALID [2022-02-20 18:00:34,887 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:00:34,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,889 INFO L290 TraceCheckUtils]: 0: Hoare triple {11053#true} ~handle := #in~handle;havoc ~retValue_acc~30; {11053#true} is VALID [2022-02-20 
18:00:34,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {11053#true} is VALID [2022-02-20 18:00:34,889 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,889 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11054#false} #797#return; {11054#false} is VALID [2022-02-20 18:00:34,889 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:00:34,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,891 INFO L290 TraceCheckUtils]: 0: Hoare triple {11053#true} ~handle := #in~handle;havoc ~retValue_acc~19; {11053#true} is VALID [2022-02-20 18:00:34,891 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {11053#true} is VALID [2022-02-20 18:00:34,891 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,892 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11054#false} #799#return; {11054#false} is VALID [2022-02-20 18:00:34,892 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:00:34,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,893 INFO L290 TraceCheckUtils]: 0: Hoare triple {11053#true} ~handle := #in~handle;havoc ~retValue_acc~34; {11053#true} is VALID [2022-02-20 18:00:34,894 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {11053#true} is VALID [2022-02-20 18:00:34,894 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,894 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{11053#true} {11054#false} #801#return; {11054#false} is VALID [2022-02-20 18:00:34,894 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:00:34,894 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:34,896 INFO L290 TraceCheckUtils]: 0: Hoare triple {11053#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {11053#true} is VALID [2022-02-20 18:00:34,896 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {11053#true} is VALID [2022-02-20 18:00:34,896 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,896 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11053#true} {11054#false} #803#return; {11054#false} is VALID [2022-02-20 18:00:34,896 INFO L290 TraceCheckUtils]: 0: Hoare triple {11053#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call 
#Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {11053#true} is VALID [2022-02-20 18:00:34,896 INFO L290 TraceCheckUtils]: 1: Hoare triple {11053#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {11053#true} is VALID [2022-02-20 18:00:34,897 INFO L290 TraceCheckUtils]: 2: Hoare triple {11053#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11053#true} is VALID [2022-02-20 18:00:34,897 INFO L290 TraceCheckUtils]: 3: Hoare triple {11053#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {11053#true} is VALID [2022-02-20 18:00:34,897 INFO L290 TraceCheckUtils]: 4: Hoare triple {11053#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {11053#true} is VALID 
[2022-02-20 18:00:34,897 INFO L290 TraceCheckUtils]: 5: Hoare triple {11053#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11053#true} is VALID [2022-02-20 18:00:34,897 INFO L272 TraceCheckUtils]: 6: Hoare triple {11053#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11114#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:34,898 INFO L290 TraceCheckUtils]: 7: Hoare triple {11114#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,898 INFO L290 TraceCheckUtils]: 8: Hoare triple {11053#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,898 INFO L290 TraceCheckUtils]: 9: Hoare triple {11053#true} assume true; 
{11053#true} is VALID [2022-02-20 18:00:34,898 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11053#true} {11053#true} #829#return; {11053#true} is VALID [2022-02-20 18:00:34,898 INFO L290 TraceCheckUtils]: 11: Hoare triple {11053#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11053#true} is VALID [2022-02-20 18:00:34,898 INFO L272 TraceCheckUtils]: 12: Hoare triple {11053#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11115#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:34,899 INFO L290 TraceCheckUtils]: 13: Hoare triple {11115#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,899 INFO L290 TraceCheckUtils]: 14: Hoare triple {11053#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,899 INFO L290 TraceCheckUtils]: 15: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,899 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11053#true} {11053#true} #831#return; {11053#true} is VALID [2022-02-20 18:00:34,899 INFO L290 TraceCheckUtils]: 17: Hoare triple {11053#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11053#true} is VALID [2022-02-20 18:00:34,900 INFO L272 TraceCheckUtils]: 18: Hoare triple {11053#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11114#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:34,900 INFO L290 TraceCheckUtils]: 19: Hoare triple {11114#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,900 INFO L290 TraceCheckUtils]: 20: Hoare triple {11053#true} assume !(1 == ~handle); {11053#true} is VALID [2022-02-20 18:00:34,900 INFO L290 TraceCheckUtils]: 21: Hoare triple {11053#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,900 INFO L290 TraceCheckUtils]: 22: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,900 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11053#true} {11053#true} #833#return; {11053#true} is VALID [2022-02-20 18:00:34,900 INFO L290 TraceCheckUtils]: 24: Hoare triple {11053#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {11053#true} is VALID [2022-02-20 18:00:34,901 INFO L272 TraceCheckUtils]: 25: Hoare triple {11053#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11115#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:34,901 INFO L290 TraceCheckUtils]: 26: Hoare 
triple {11115#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,901 INFO L290 TraceCheckUtils]: 27: Hoare triple {11053#true} assume !(1 == ~handle); {11053#true} is VALID [2022-02-20 18:00:34,901 INFO L290 TraceCheckUtils]: 28: Hoare triple {11053#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,901 INFO L290 TraceCheckUtils]: 29: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,901 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {11053#true} {11053#true} #835#return; {11053#true} is VALID [2022-02-20 18:00:34,902 INFO L290 TraceCheckUtils]: 31: Hoare triple {11053#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11073#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:34,902 INFO L272 TraceCheckUtils]: 32: Hoare triple {11073#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11114#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:34,902 INFO L290 TraceCheckUtils]: 33: Hoare triple {11114#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11116#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:34,903 INFO L290 TraceCheckUtils]: 34: Hoare triple {11116#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11117#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:34,903 INFO L290 TraceCheckUtils]: 35: Hoare triple {11117#(= |setClientId_#in~handle| 1)} assume true; {11117#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:34,903 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {11117#(= |setClientId_#in~handle| 1)} {11073#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #837#return; {11054#false} is VALID [2022-02-20 18:00:34,904 INFO L290 TraceCheckUtils]: 37: Hoare triple {11054#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11054#false} is VALID [2022-02-20 18:00:34,904 INFO L272 TraceCheckUtils]: 38: Hoare triple {11054#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11115#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:34,904 INFO L290 TraceCheckUtils]: 39: Hoare triple {11115#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,904 INFO L290 TraceCheckUtils]: 40: Hoare triple 
{11053#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,904 INFO L290 TraceCheckUtils]: 41: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,904 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {11053#true} {11054#false} #839#return; {11054#false} is VALID [2022-02-20 18:00:34,904 INFO L290 TraceCheckUtils]: 43: Hoare triple {11054#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {11054#false} is VALID [2022-02-20 18:00:34,904 INFO L290 TraceCheckUtils]: 44: Hoare triple {11054#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11054#false} is VALID [2022-02-20 18:00:34,904 INFO L290 TraceCheckUtils]: 45: Hoare triple {11054#false} assume !false; {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L290 TraceCheckUtils]: 46: Hoare triple {11054#false} assume test_~splverifierCounter~0#1 < 4; {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L290 TraceCheckUtils]: 47: Hoare triple {11054#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L290 TraceCheckUtils]: 48: Hoare triple {11054#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L290 TraceCheckUtils]: 49: Hoare triple {11054#false} assume !(0 != test_~tmp___9~0#1); {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L290 TraceCheckUtils]: 50: Hoare triple {11054#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L290 TraceCheckUtils]: 51: Hoare triple {11054#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L290 TraceCheckUtils]: 52: Hoare triple {11054#false} assume !false; {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L290 TraceCheckUtils]: 53: Hoare triple {11054#false} assume !(test_~splverifierCounter~0#1 < 4); {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L290 TraceCheckUtils]: 54: Hoare triple {11054#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, 
bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {11054#false} is VALID [2022-02-20 18:00:34,905 INFO L272 TraceCheckUtils]: 55: Hoare triple {11054#false} call sendEmail(~bob~0, ~rjh~0); {11054#false} is VALID [2022-02-20 18:00:34,906 INFO L290 TraceCheckUtils]: 56: Hoare triple {11054#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11054#false} is VALID [2022-02-20 18:00:34,906 INFO L272 TraceCheckUtils]: 57: Hoare triple {11054#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11118#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:34,906 INFO L290 TraceCheckUtils]: 58: Hoare triple {11118#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,906 INFO L290 TraceCheckUtils]: 59: Hoare triple {11053#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11053#true} is VALID [2022-02-20 18:00:34,906 INFO L290 TraceCheckUtils]: 60: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,906 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {11053#true} {11054#false} #825#return; {11054#false} is VALID [2022-02-20 18:00:34,906 INFO L290 
TraceCheckUtils]: 62: Hoare triple {11054#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {11054#false} is VALID [2022-02-20 18:00:34,906 INFO L290 TraceCheckUtils]: 63: Hoare triple {11054#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {11054#false} is VALID [2022-02-20 18:00:34,906 INFO L290 TraceCheckUtils]: 64: Hoare triple {11054#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {11054#false} is VALID [2022-02-20 18:00:34,907 INFO L290 TraceCheckUtils]: 65: Hoare triple {11054#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {11054#false} is VALID [2022-02-20 18:00:34,907 INFO L272 TraceCheckUtils]: 66: Hoare triple {11054#false} call outgoing(~sender#1, ~email~0#1); {11054#false} is VALID [2022-02-20 18:00:34,907 INFO L290 TraceCheckUtils]: 67: Hoare triple {11054#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {11054#false} is VALID [2022-02-20 18:00:34,907 INFO L272 TraceCheckUtils]: 68: Hoare triple {11054#false} call #t~ret67#1 := getEmailTo(~msg#1); {11053#true} is VALID [2022-02-20 18:00:34,907 INFO L290 TraceCheckUtils]: 69: Hoare triple {11053#true} ~handle := #in~handle;havoc ~retValue_acc~30; {11053#true} is VALID [2022-02-20 18:00:34,907 INFO L290 TraceCheckUtils]: 70: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {11053#true} is VALID [2022-02-20 18:00:34,907 INFO L290 
TraceCheckUtils]: 71: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,907 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {11053#true} {11054#false} #787#return; {11054#false} is VALID [2022-02-20 18:00:34,907 INFO L290 TraceCheckUtils]: 73: Hoare triple {11054#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {11054#false} is VALID [2022-02-20 18:00:34,907 INFO L290 TraceCheckUtils]: 74: Hoare triple {11054#false} assume 1 == findPublicKey_~handle#1; {11054#false} is VALID [2022-02-20 18:00:34,908 INFO L290 TraceCheckUtils]: 75: Hoare triple {11054#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {11054#false} is VALID [2022-02-20 18:00:34,908 INFO L290 TraceCheckUtils]: 76: Hoare triple {11054#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {11054#false} is VALID [2022-02-20 18:00:34,908 INFO L290 TraceCheckUtils]: 77: Hoare triple {11054#false} assume !(0 != ~pubkey~0#1); {11054#false} is VALID [2022-02-20 18:00:34,908 INFO L290 TraceCheckUtils]: 78: Hoare triple {11054#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc 
outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {11054#false} is VALID [2022-02-20 18:00:34,908 INFO L290 TraceCheckUtils]: 79: Hoare triple {11054#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {11054#false} is VALID [2022-02-20 18:00:34,908 INFO L290 TraceCheckUtils]: 80: Hoare triple {11054#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {11054#false} is VALID [2022-02-20 18:00:34,908 INFO L272 TraceCheckUtils]: 81: Hoare triple {11054#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {11118#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:34,908 INFO L290 TraceCheckUtils]: 82: Hoare triple {11118#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11053#true} is VALID [2022-02-20 18:00:34,908 INFO L290 TraceCheckUtils]: 83: Hoare triple {11053#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; 
{11053#true} is VALID [2022-02-20 18:00:34,909 INFO L290 TraceCheckUtils]: 84: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,909 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {11053#true} {11054#false} #793#return; {11054#false} is VALID [2022-02-20 18:00:34,909 INFO L290 TraceCheckUtils]: 86: Hoare triple {11054#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {11054#false} is VALID [2022-02-20 18:00:34,909 INFO L272 TraceCheckUtils]: 87: Hoare triple {11054#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {11053#true} is VALID [2022-02-20 18:00:34,909 INFO L290 TraceCheckUtils]: 88: Hoare triple 
{11053#true} ~handle := #in~handle;havoc ~retValue_acc~33; {11053#true} is VALID [2022-02-20 18:00:34,909 INFO L290 TraceCheckUtils]: 89: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {11053#true} is VALID [2022-02-20 18:00:34,909 INFO L290 TraceCheckUtils]: 90: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,909 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {11053#true} {11054#false} #795#return; {11054#false} is VALID [2022-02-20 18:00:34,909 INFO L290 TraceCheckUtils]: 92: Hoare triple {11054#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {11054#false} is VALID [2022-02-20 18:00:34,909 INFO L290 TraceCheckUtils]: 93: Hoare triple {11054#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {11054#false} is VALID [2022-02-20 18:00:34,910 INFO L272 TraceCheckUtils]: 94: Hoare triple {11054#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {11053#true} is VALID [2022-02-20 18:00:34,910 INFO L290 TraceCheckUtils]: 95: Hoare triple {11053#true} ~handle := #in~handle;havoc ~retValue_acc~30; {11053#true} is VALID [2022-02-20 18:00:34,910 INFO L290 TraceCheckUtils]: 96: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {11053#true} is VALID [2022-02-20 18:00:34,910 INFO L290 TraceCheckUtils]: 97: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 
18:00:34,910 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {11053#true} {11054#false} #797#return; {11054#false} is VALID [2022-02-20 18:00:34,910 INFO L290 TraceCheckUtils]: 99: Hoare triple {11054#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {11054#false} is VALID [2022-02-20 18:00:34,910 INFO L290 TraceCheckUtils]: 100: Hoare triple {11054#false} assume 1 == ~sent_encrypted~0; {11054#false} is VALID [2022-02-20 18:00:34,910 INFO L272 TraceCheckUtils]: 101: Hoare triple {11054#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {11053#true} is VALID [2022-02-20 18:00:34,910 INFO L290 TraceCheckUtils]: 102: Hoare triple {11053#true} ~handle := #in~handle;havoc ~retValue_acc~19; {11053#true} is VALID [2022-02-20 18:00:34,911 INFO L290 TraceCheckUtils]: 103: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {11053#true} is VALID [2022-02-20 18:00:34,911 INFO L290 TraceCheckUtils]: 104: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,911 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {11053#true} {11054#false} #799#return; {11054#false} is VALID [2022-02-20 18:00:34,911 INFO L290 
TraceCheckUtils]: 106: Hoare triple {11054#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {11054#false} is VALID [2022-02-20 18:00:34,911 INFO L272 TraceCheckUtils]: 107: Hoare triple {11054#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {11053#true} is VALID [2022-02-20 18:00:34,911 INFO L290 TraceCheckUtils]: 108: Hoare triple {11053#true} ~handle := #in~handle;havoc ~retValue_acc~34; {11053#true} is VALID [2022-02-20 18:00:34,911 INFO L290 TraceCheckUtils]: 109: Hoare triple {11053#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {11053#true} is VALID [2022-02-20 18:00:34,911 INFO L290 TraceCheckUtils]: 110: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,911 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {11053#true} {11054#false} #801#return; {11054#false} is VALID [2022-02-20 18:00:34,912 INFO L290 TraceCheckUtils]: 112: Hoare triple {11054#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {11054#false} is VALID [2022-02-20 18:00:34,912 INFO L272 TraceCheckUtils]: 113: Hoare triple {11054#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {11053#true} is VALID [2022-02-20 18:00:34,912 INFO L290 TraceCheckUtils]: 114: Hoare triple {11053#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc 
~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {11053#true} is VALID [2022-02-20 18:00:34,912 INFO L290 TraceCheckUtils]: 115: Hoare triple {11053#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {11053#true} is VALID [2022-02-20 18:00:34,912 INFO L290 TraceCheckUtils]: 116: Hoare triple {11053#true} assume true; {11053#true} is VALID [2022-02-20 18:00:34,912 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {11053#true} {11054#false} #803#return; {11054#false} is VALID [2022-02-20 18:00:34,912 INFO L290 TraceCheckUtils]: 118: Hoare triple {11054#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {11054#false} is VALID [2022-02-20 18:00:34,912 INFO L290 TraceCheckUtils]: 119: Hoare triple {11054#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {11054#false} is VALID [2022-02-20 18:00:34,912 INFO L290 TraceCheckUtils]: 120: Hoare triple {11054#false} assume !false; {11054#false} is VALID [2022-02-20 18:00:34,913 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:00:34,913 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:34,913 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2096086016] [2022-02-20 18:00:34,913 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2096086016] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:34,913 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:00:34,913 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:00:34,913 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [705787656] [2022-02-20 18:00:34,913 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:34,914 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 11.0) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 121 [2022-02-20 18:00:34,914 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:34,914 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 11.0) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:34,972 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 107 edges. 107 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:34,972 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:00:34,972 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:34,972 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. 
[2022-02-20 18:00:34,973 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:00:34,973 INFO L87 Difference]: Start difference. First operand 317 states and 487 transitions. Second operand has 8 states, 7 states have (on average 11.0) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:38,243 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:38,243 INFO L93 Difference]: Finished difference Result 665 states and 1026 transitions. [2022-02-20 18:00:38,243 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:00:38,243 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 11.0) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 121 [2022-02-20 18:00:38,244 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:38,244 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 11.0) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:38,250 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 856 transitions. 
[2022-02-20 18:00:38,250 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 11.0) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:38,256 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 856 transitions. [2022-02-20 18:00:38,256 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 856 transitions. [2022-02-20 18:00:38,925 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 856 edges. 856 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:38,933 INFO L225 Difference]: With dead ends: 665 [2022-02-20 18:00:38,933 INFO L226 Difference]: Without dead ends: 371 [2022-02-20 18:00:38,934 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 43 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:00:38,935 INFO L933 BasicCegarLoop]: 425 mSDtfsCounter, 694 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1218 mSolverCounterSat, 220 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 711 SdHoareTripleChecker+Valid, 1076 SdHoareTripleChecker+Invalid, 1438 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 220 IncrementalHoareTripleChecker+Valid, 1218 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.4s IncrementalHoareTripleChecker+Time [2022-02-20 
18:00:38,935 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [711 Valid, 1076 Invalid, 1438 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [220 Valid, 1218 Invalid, 0 Unknown, 0 Unchecked, 1.4s Time] [2022-02-20 18:00:38,938 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 371 states. [2022-02-20 18:00:39,036 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 371 to 317. [2022-02-20 18:00:39,043 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:39,045 INFO L82 GeneralOperation]: Start isEquivalent. First operand 371 states. Second operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (59), 53 states have call predecessors, (59), 53 states have call successors, (59) [2022-02-20 18:00:39,045 INFO L74 IsIncluded]: Start isIncluded. First operand 371 states. Second operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (59), 53 states have call predecessors, (59), 53 states have call successors, (59) [2022-02-20 18:00:39,046 INFO L87 Difference]: Start difference. First operand 371 states. Second operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (59), 53 states have call predecessors, (59), 53 states have call successors, (59) [2022-02-20 18:00:39,054 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:00:39,067 INFO L93 Difference]: Finished difference Result 371 states and 570 transitions. [2022-02-20 18:00:39,067 INFO L276 IsEmpty]: Start isEmpty. Operand 371 states and 570 transitions. [2022-02-20 18:00:39,068 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:39,069 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:39,069 INFO L74 IsIncluded]: Start isIncluded. First operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (59), 53 states have call predecessors, (59), 53 states have call successors, (59) Second operand 371 states. [2022-02-20 18:00:39,070 INFO L87 Difference]: Start difference. First operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (59), 53 states have call predecessors, (59), 53 states have call successors, (59) Second operand 371 states. [2022-02-20 18:00:39,079 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:39,093 INFO L93 Difference]: Finished difference Result 371 states and 570 transitions. [2022-02-20 18:00:39,093 INFO L276 IsEmpty]: Start isEmpty. Operand 371 states and 570 transitions. [2022-02-20 18:00:39,095 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:39,095 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:39,095 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:39,095 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:39,096 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 317 states, 243 states have (on average 1.5349794238683128) internal successors, (373), 248 states have internal predecessors, (373), 54 states have call successors, (54), 17 states have call predecessors, (54), 19 states have return successors, (59), 53 states have call predecessors, (59), 53 states have call successors, (59) [2022-02-20 18:00:39,104 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 317 states to 317 states and 486 transitions. [2022-02-20 18:00:39,119 INFO L78 Accepts]: Start accepts. Automaton has 317 states and 486 transitions. Word has length 121 [2022-02-20 18:00:39,119 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:39,120 INFO L470 AbstractCegarLoop]: Abstraction has 317 states and 486 transitions. [2022-02-20 18:00:39,120 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 11.0) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:39,120 INFO L276 IsEmpty]: Start isEmpty. Operand 317 states and 486 transitions. [2022-02-20 18:00:39,121 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 123 [2022-02-20 18:00:39,121 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:39,121 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:39,122 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:00:39,122 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:39,122 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:39,122 INFO L85 PathProgramCache]: Analyzing trace with hash 1705612417, now seen corresponding path program 2 times [2022-02-20 18:00:39,122 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:39,122 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [583120392] [2022-02-20 18:00:39,123 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:39,123 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:39,169 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,207 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:39,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {13331#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,212 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13269#true} #829#return; {13269#true} is VALID [2022-02-20 18:00:39,217 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:39,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {13332#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,232 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,232 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13269#true} #831#return; {13269#true} is VALID [2022-02-20 18:00:39,233 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:39,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {13331#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume !(1 == ~handle); {13269#true} is VALID [2022-02-20 18:00:39,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,236 INFO L290 TraceCheckUtils]: 3: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,236 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13269#true} {13269#true} #833#return; {13269#true} is VALID [2022-02-20 18:00:39,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:39,237 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,240 INFO L290 TraceCheckUtils]: 0: Hoare triple {13332#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,240 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume !(1 == ~handle); {13269#true} is VALID [2022-02-20 18:00:39,240 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,240 INFO L290 TraceCheckUtils]: 3: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,240 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13269#true} {13269#true} #835#return; {13269#true} is VALID [2022-02-20 18:00:39,240 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:39,242 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:00:39,269 INFO L290 TraceCheckUtils]: 0: Hoare triple {13331#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13333#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:39,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {13333#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {13333#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:39,270 INFO L290 TraceCheckUtils]: 2: Hoare triple {13333#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13334#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:39,270 INFO L290 TraceCheckUtils]: 3: Hoare triple {13334#(= 2 |setClientId_#in~handle|)} assume true; {13334#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:39,270 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13334#(= 2 |setClientId_#in~handle|)} {13289#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #837#return; {13270#false} is VALID [2022-02-20 18:00:39,271 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:00:39,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {13332#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,274 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,274 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13270#false} #839#return; {13270#false} is VALID [2022-02-20 18:00:39,279 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:00:39,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {13335#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,282 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,282 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,282 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13270#false} #825#return; {13270#false} is VALID [2022-02-20 18:00:39,282 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:00:39,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~30; {13269#true} is VALID [2022-02-20 18:00:39,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {13269#true} is VALID [2022-02-20 18:00:39,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13270#false} #787#return; {13270#false} is VALID [2022-02-20 18:00:39,284 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 
[2022-02-20 18:00:39,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,289 INFO L290 TraceCheckUtils]: 0: Hoare triple {13335#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,289 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13270#false} #793#return; {13270#false} is VALID [2022-02-20 18:00:39,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:00:39,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,295 INFO L290 TraceCheckUtils]: 0: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13269#true} is VALID [2022-02-20 18:00:39,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {13269#true} is VALID [2022-02-20 18:00:39,296 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,296 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13270#false} #795#return; {13270#false} is VALID [2022-02-20 18:00:39,296 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:00:39,298 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~30; {13269#true} is VALID [2022-02-20 18:00:39,301 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{13269#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {13269#true} is VALID [2022-02-20 18:00:39,301 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,301 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13270#false} #797#return; {13270#false} is VALID [2022-02-20 18:00:39,301 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:00:39,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,317 INFO L290 TraceCheckUtils]: 0: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13269#true} is VALID [2022-02-20 18:00:39,317 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {13269#true} is VALID [2022-02-20 18:00:39,317 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,317 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13270#false} #799#return; {13270#false} is VALID [2022-02-20 18:00:39,318 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:00:39,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~34; {13269#true} is VALID [2022-02-20 18:00:39,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {13269#true} is VALID [2022-02-20 18:00:39,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,320 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13270#false} #801#return; {13270#false} is VALID 
[2022-02-20 18:00:39,320 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:00:39,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:39,322 INFO L290 TraceCheckUtils]: 0: Hoare triple {13269#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {13269#true} is VALID [2022-02-20 18:00:39,322 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {13269#true} is VALID [2022-02-20 18:00:39,322 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,322 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13269#true} {13270#false} #803#return; {13270#false} is VALID [2022-02-20 18:00:39,322 INFO L290 TraceCheckUtils]: 0: Hoare triple {13269#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call 
#Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 
0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 
0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {13269#true} is VALID [2022-02-20 18:00:39,323 INFO L290 TraceCheckUtils]: 1: Hoare triple {13269#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {13269#true} is VALID [2022-02-20 18:00:39,323 INFO L290 TraceCheckUtils]: 2: Hoare triple {13269#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13269#true} is VALID [2022-02-20 18:00:39,323 INFO L290 TraceCheckUtils]: 3: Hoare triple {13269#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {13269#true} is VALID [2022-02-20 18:00:39,323 INFO L290 TraceCheckUtils]: 4: Hoare triple {13269#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {13269#true} is VALID [2022-02-20 18:00:39,323 INFO L290 TraceCheckUtils]: 5: Hoare triple {13269#true} assume 0 != 
main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13269#true} is VALID [2022-02-20 18:00:39,324 INFO L272 TraceCheckUtils]: 6: Hoare triple {13269#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13331#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:39,324 INFO L290 TraceCheckUtils]: 7: Hoare triple {13331#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,324 INFO L290 TraceCheckUtils]: 8: Hoare triple {13269#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,324 INFO L290 TraceCheckUtils]: 9: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,324 INFO L284 TraceCheckUtils]: 10: Hoare quadruple 
{13269#true} {13269#true} #829#return; {13269#true} is VALID [2022-02-20 18:00:39,324 INFO L290 TraceCheckUtils]: 11: Hoare triple {13269#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13269#true} is VALID [2022-02-20 18:00:39,325 INFO L272 TraceCheckUtils]: 12: Hoare triple {13269#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13332#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:39,325 INFO L290 TraceCheckUtils]: 13: Hoare triple {13332#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,325 INFO L290 TraceCheckUtils]: 14: Hoare triple {13269#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,325 INFO L290 TraceCheckUtils]: 15: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,325 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13269#true} {13269#true} #831#return; {13269#true} is VALID [2022-02-20 18:00:39,325 INFO L290 TraceCheckUtils]: 17: Hoare triple {13269#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13269#true} is VALID [2022-02-20 
18:00:39,326 INFO L272 TraceCheckUtils]: 18: Hoare triple {13269#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13331#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:39,326 INFO L290 TraceCheckUtils]: 19: Hoare triple {13331#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,326 INFO L290 TraceCheckUtils]: 20: Hoare triple {13269#true} assume !(1 == ~handle); {13269#true} is VALID [2022-02-20 18:00:39,326 INFO L290 TraceCheckUtils]: 21: Hoare triple {13269#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,326 INFO L290 TraceCheckUtils]: 22: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,326 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13269#true} {13269#true} #833#return; {13269#true} is VALID [2022-02-20 18:00:39,326 INFO L290 TraceCheckUtils]: 24: Hoare triple {13269#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {13269#true} is VALID [2022-02-20 18:00:39,327 INFO L272 TraceCheckUtils]: 25: Hoare triple {13269#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13332#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:39,327 INFO L290 TraceCheckUtils]: 26: Hoare triple {13332#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,327 INFO L290 TraceCheckUtils]: 27: Hoare triple {13269#true} assume !(1 == ~handle); {13269#true} is VALID [2022-02-20 18:00:39,327 INFO L290 TraceCheckUtils]: 28: Hoare triple {13269#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,327 INFO L290 TraceCheckUtils]: 29: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,328 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13269#true} {13269#true} #835#return; {13269#true} is VALID [2022-02-20 18:00:39,328 INFO L290 TraceCheckUtils]: 31: Hoare triple {13269#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13289#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:39,329 INFO L272 TraceCheckUtils]: 32: Hoare triple {13289#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {13331#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:39,329 INFO L290 TraceCheckUtils]: 33: Hoare triple {13331#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13333#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:39,330 INFO L290 TraceCheckUtils]: 34: Hoare triple {13333#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {13333#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:39,330 INFO L290 TraceCheckUtils]: 35: Hoare triple {13333#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13334#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:39,330 INFO L290 TraceCheckUtils]: 36: Hoare triple {13334#(= 2 |setClientId_#in~handle|)} assume true; {13334#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:39,331 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {13334#(= 2 |setClientId_#in~handle|)} {13289#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #837#return; {13270#false} is VALID [2022-02-20 18:00:39,331 INFO L290 TraceCheckUtils]: 38: Hoare triple {13270#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13270#false} is VALID [2022-02-20 18:00:39,331 INFO L272 TraceCheckUtils]: 39: Hoare triple {13270#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13332#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:39,331 INFO L290 TraceCheckUtils]: 40: Hoare triple {13332#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{13269#true} is VALID [2022-02-20 18:00:39,331 INFO L290 TraceCheckUtils]: 41: Hoare triple {13269#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,331 INFO L290 TraceCheckUtils]: 42: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,331 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {13269#true} {13270#false} #839#return; {13270#false} is VALID [2022-02-20 18:00:39,331 INFO L290 TraceCheckUtils]: 44: Hoare triple {13270#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {13270#false} is VALID [2022-02-20 18:00:39,331 INFO L290 TraceCheckUtils]: 45: Hoare triple {13270#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 
0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 46: Hoare triple {13270#false} assume !false; {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 47: Hoare triple {13270#false} assume test_~splverifierCounter~0#1 < 4; {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 48: Hoare triple {13270#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 49: Hoare triple {13270#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 50: Hoare triple {13270#false} assume !(0 != test_~tmp___9~0#1); {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 51: Hoare triple {13270#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 52: Hoare triple {13270#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 53: Hoare triple {13270#false} assume !false; {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 54: Hoare triple {13270#false} assume !(test_~splverifierCounter~0#1 < 4); {13270#false} is VALID [2022-02-20 18:00:39,332 INFO L290 TraceCheckUtils]: 55: Hoare triple {13270#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, 
bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {13270#false} is VALID [2022-02-20 18:00:39,333 INFO L272 TraceCheckUtils]: 56: Hoare triple {13270#false} call sendEmail(~bob~0, ~rjh~0); {13270#false} is VALID [2022-02-20 18:00:39,333 INFO L290 TraceCheckUtils]: 57: Hoare triple {13270#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13270#false} is VALID [2022-02-20 18:00:39,333 INFO L272 TraceCheckUtils]: 58: Hoare triple {13270#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13335#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:39,333 INFO L290 TraceCheckUtils]: 59: Hoare triple {13335#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,333 INFO L290 TraceCheckUtils]: 60: Hoare triple {13269#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,333 INFO L290 TraceCheckUtils]: 61: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,333 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {13269#true} 
{13270#false} #825#return; {13270#false} is VALID [2022-02-20 18:00:39,333 INFO L290 TraceCheckUtils]: 63: Hoare triple {13270#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {13270#false} is VALID [2022-02-20 18:00:39,333 INFO L290 TraceCheckUtils]: 64: Hoare triple {13270#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {13270#false} is VALID [2022-02-20 18:00:39,334 INFO L290 TraceCheckUtils]: 65: Hoare triple {13270#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {13270#false} is VALID [2022-02-20 18:00:39,334 INFO L290 TraceCheckUtils]: 66: Hoare triple {13270#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {13270#false} is VALID [2022-02-20 18:00:39,334 INFO L272 TraceCheckUtils]: 67: Hoare triple {13270#false} call outgoing(~sender#1, ~email~0#1); {13270#false} is VALID [2022-02-20 18:00:39,334 INFO L290 TraceCheckUtils]: 68: Hoare triple {13270#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {13270#false} is VALID [2022-02-20 18:00:39,334 INFO L272 TraceCheckUtils]: 69: Hoare triple {13270#false} call #t~ret67#1 := getEmailTo(~msg#1); {13269#true} is VALID [2022-02-20 18:00:39,334 INFO L290 TraceCheckUtils]: 70: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~30; {13269#true} is VALID [2022-02-20 18:00:39,334 INFO L290 TraceCheckUtils]: 71: Hoare triple {13269#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := 
~retValue_acc~30; {13269#true} is VALID [2022-02-20 18:00:39,334 INFO L290 TraceCheckUtils]: 72: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,334 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {13269#true} {13270#false} #787#return; {13270#false} is VALID [2022-02-20 18:00:39,334 INFO L290 TraceCheckUtils]: 74: Hoare triple {13270#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {13270#false} is VALID [2022-02-20 18:00:39,335 INFO L290 TraceCheckUtils]: 75: Hoare triple {13270#false} assume 1 == findPublicKey_~handle#1; {13270#false} is VALID [2022-02-20 18:00:39,335 INFO L290 TraceCheckUtils]: 76: Hoare triple {13270#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {13270#false} is VALID [2022-02-20 18:00:39,335 INFO L290 TraceCheckUtils]: 77: Hoare triple {13270#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {13270#false} is VALID [2022-02-20 18:00:39,335 INFO L290 TraceCheckUtils]: 78: Hoare triple {13270#false} assume !(0 != ~pubkey~0#1); {13270#false} is VALID [2022-02-20 18:00:39,335 INFO L290 TraceCheckUtils]: 79: Hoare triple {13270#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, 
outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {13270#false} is VALID [2022-02-20 18:00:39,335 INFO L290 TraceCheckUtils]: 80: Hoare triple {13270#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {13270#false} is VALID [2022-02-20 18:00:39,335 INFO L290 TraceCheckUtils]: 81: Hoare triple {13270#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {13270#false} is VALID [2022-02-20 18:00:39,335 INFO L272 TraceCheckUtils]: 82: Hoare triple {13270#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {13335#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:39,335 INFO L290 TraceCheckUtils]: 83: Hoare triple {13335#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13269#true} is VALID [2022-02-20 18:00:39,336 INFO L290 TraceCheckUtils]: 84: Hoare triple {13269#true} 
assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13269#true} is VALID [2022-02-20 18:00:39,336 INFO L290 TraceCheckUtils]: 85: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,336 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {13269#true} {13270#false} #793#return; {13270#false} is VALID [2022-02-20 18:00:39,336 INFO L290 TraceCheckUtils]: 87: Hoare triple {13270#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {13270#false} is VALID [2022-02-20 18:00:39,336 INFO L272 TraceCheckUtils]: 88: Hoare triple {13270#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {13269#true} is VALID [2022-02-20 18:00:39,336 
INFO L290 TraceCheckUtils]: 89: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13269#true} is VALID [2022-02-20 18:00:39,344 INFO L290 TraceCheckUtils]: 90: Hoare triple {13269#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {13269#true} is VALID [2022-02-20 18:00:39,344 INFO L290 TraceCheckUtils]: 91: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,344 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {13269#true} {13270#false} #795#return; {13270#false} is VALID [2022-02-20 18:00:39,344 INFO L290 TraceCheckUtils]: 93: Hoare triple {13270#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {13270#false} is VALID [2022-02-20 18:00:39,345 INFO L290 TraceCheckUtils]: 94: Hoare triple {13270#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {13270#false} is VALID [2022-02-20 18:00:39,345 INFO L272 TraceCheckUtils]: 95: Hoare triple {13270#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {13269#true} is VALID [2022-02-20 18:00:39,345 INFO L290 TraceCheckUtils]: 96: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~30; {13269#true} is VALID [2022-02-20 18:00:39,345 INFO L290 TraceCheckUtils]: 97: Hoare triple {13269#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {13269#true} is VALID [2022-02-20 18:00:39,345 INFO L290 TraceCheckUtils]: 98: Hoare triple {13269#true} 
assume true; {13269#true} is VALID [2022-02-20 18:00:39,345 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {13269#true} {13270#false} #797#return; {13270#false} is VALID [2022-02-20 18:00:39,345 INFO L290 TraceCheckUtils]: 100: Hoare triple {13270#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {13270#false} is VALID [2022-02-20 18:00:39,345 INFO L290 TraceCheckUtils]: 101: Hoare triple {13270#false} assume 1 == ~sent_encrypted~0; {13270#false} is VALID [2022-02-20 18:00:39,345 INFO L272 TraceCheckUtils]: 102: Hoare triple {13270#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {13269#true} is VALID [2022-02-20 18:00:39,346 INFO L290 TraceCheckUtils]: 103: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13269#true} is VALID [2022-02-20 18:00:39,346 INFO L290 TraceCheckUtils]: 104: Hoare triple {13269#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {13269#true} is VALID [2022-02-20 18:00:39,346 INFO L290 TraceCheckUtils]: 105: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,346 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {13269#true} {13270#false} #799#return; {13270#false} is VALID [2022-02-20 18:00:39,346 INFO L290 
TraceCheckUtils]: 107: Hoare triple {13270#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {13270#false} is VALID [2022-02-20 18:00:39,346 INFO L272 TraceCheckUtils]: 108: Hoare triple {13270#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {13269#true} is VALID [2022-02-20 18:00:39,346 INFO L290 TraceCheckUtils]: 109: Hoare triple {13269#true} ~handle := #in~handle;havoc ~retValue_acc~34; {13269#true} is VALID [2022-02-20 18:00:39,346 INFO L290 TraceCheckUtils]: 110: Hoare triple {13269#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {13269#true} is VALID [2022-02-20 18:00:39,346 INFO L290 TraceCheckUtils]: 111: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,346 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {13269#true} {13270#false} #801#return; {13270#false} is VALID [2022-02-20 18:00:39,347 INFO L290 TraceCheckUtils]: 113: Hoare triple {13270#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {13270#false} is VALID [2022-02-20 18:00:39,347 INFO L272 TraceCheckUtils]: 114: Hoare triple {13270#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {13269#true} is VALID [2022-02-20 18:00:39,347 INFO L290 TraceCheckUtils]: 115: Hoare triple {13269#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc 
~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {13269#true} is VALID [2022-02-20 18:00:39,347 INFO L290 TraceCheckUtils]: 116: Hoare triple {13269#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {13269#true} is VALID [2022-02-20 18:00:39,347 INFO L290 TraceCheckUtils]: 117: Hoare triple {13269#true} assume true; {13269#true} is VALID [2022-02-20 18:00:39,347 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {13269#true} {13270#false} #803#return; {13270#false} is VALID [2022-02-20 18:00:39,347 INFO L290 TraceCheckUtils]: 119: Hoare triple {13270#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {13270#false} is VALID [2022-02-20 18:00:39,347 INFO L290 TraceCheckUtils]: 120: Hoare triple {13270#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {13270#false} is VALID [2022-02-20 18:00:39,347 INFO L290 TraceCheckUtils]: 121: Hoare triple {13270#false} assume !false; {13270#false} is VALID [2022-02-20 18:00:39,348 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:00:39,348 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:39,348 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [583120392] [2022-02-20 18:00:39,348 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [583120392] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:39,348 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:00:39,348 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:00:39,348 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1237160686] [2022-02-20 18:00:39,349 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:39,350 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 11.142857142857142) internal successors, (78), 5 states have internal predecessors, (78), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 122 [2022-02-20 18:00:39,350 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:39,350 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 11.142857142857142) internal successors, (78), 5 states have internal predecessors, (78), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:39,444 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 108 edges. 108 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:39,445 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:00:39,445 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:39,445 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. 
[2022-02-20 18:00:39,445 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:00:39,446 INFO L87 Difference]: Start difference. First operand 317 states and 486 transitions. Second operand has 8 states, 7 states have (on average 11.142857142857142) internal successors, (78), 5 states have internal predecessors, (78), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:43,832 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:43,842 INFO L93 Difference]: Finished difference Result 667 states and 1029 transitions. [2022-02-20 18:00:43,842 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:00:43,843 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 11.142857142857142) internal successors, (78), 5 states have internal predecessors, (78), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 122 [2022-02-20 18:00:43,844 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:43,844 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 11.142857142857142) internal successors, (78), 5 states have internal predecessors, (78), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:43,851 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 857 transitions. 
[2022-02-20 18:00:43,851 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 11.142857142857142) internal successors, (78), 5 states have internal predecessors, (78), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:43,857 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 857 transitions. [2022-02-20 18:00:43,871 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 857 transitions. [2022-02-20 18:00:44,790 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 857 edges. 857 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:44,801 INFO L225 Difference]: With dead ends: 667 [2022-02-20 18:00:44,801 INFO L226 Difference]: Without dead ends: 373 [2022-02-20 18:00:44,802 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 43 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:00:44,805 INFO L933 BasicCegarLoop]: 426 mSDtfsCounter, 690 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1223 mSolverCounterSat, 222 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 707 SdHoareTripleChecker+Valid, 1077 SdHoareTripleChecker+Invalid, 1445 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 222 IncrementalHoareTripleChecker+Valid, 1223 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.9s IncrementalHoareTripleChecker+Time 
[2022-02-20 18:00:44,806 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [707 Valid, 1077 Invalid, 1445 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [222 Valid, 1223 Invalid, 0 Unknown, 0 Unchecked, 1.9s Time] [2022-02-20 18:00:44,808 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 373 states. [2022-02-20 18:00:44,944 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 373 to 319. [2022-02-20 18:00:44,944 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:44,945 INFO L82 GeneralOperation]: Start isEquivalent. First operand 373 states. Second operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (61), 53 states have call predecessors, (61), 53 states have call successors, (61) [2022-02-20 18:00:44,945 INFO L74 IsIncluded]: Start isIncluded. First operand 373 states. Second operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (61), 53 states have call predecessors, (61), 53 states have call successors, (61) [2022-02-20 18:00:44,946 INFO L87 Difference]: Start difference. First operand 373 states. Second operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (61), 53 states have call predecessors, (61), 53 states have call successors, (61) [2022-02-20 18:00:44,973 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:00:44,973 INFO L93 Difference]: Finished difference Result 373 states and 573 transitions. [2022-02-20 18:00:44,974 INFO L276 IsEmpty]: Start isEmpty. Operand 373 states and 573 transitions. [2022-02-20 18:00:44,975 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:44,975 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:44,976 INFO L74 IsIncluded]: Start isIncluded. First operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (61), 53 states have call predecessors, (61), 53 states have call successors, (61) Second operand 373 states. [2022-02-20 18:00:44,976 INFO L87 Difference]: Start difference. First operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (61), 53 states have call predecessors, (61), 53 states have call successors, (61) Second operand 373 states. [2022-02-20 18:00:44,999 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:44,999 INFO L93 Difference]: Finished difference Result 373 states and 573 transitions. [2022-02-20 18:00:44,999 INFO L276 IsEmpty]: Start isEmpty. Operand 373 states and 573 transitions. [2022-02-20 18:00:45,002 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:45,002 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:45,002 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:45,002 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:45,003 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (61), 53 states have call predecessors, (61), 53 states have call successors, (61) [2022-02-20 18:00:45,012 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 319 states to 319 states and 489 transitions. [2022-02-20 18:00:45,028 INFO L78 Accepts]: Start accepts. Automaton has 319 states and 489 transitions. Word has length 122 [2022-02-20 18:00:45,028 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:45,028 INFO L470 AbstractCegarLoop]: Abstraction has 319 states and 489 transitions. [2022-02-20 18:00:45,028 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 11.142857142857142) internal successors, (78), 5 states have internal predecessors, (78), 3 states have call successors, (16), 5 states have call predecessors, (16), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:00:45,029 INFO L276 IsEmpty]: Start isEmpty. Operand 319 states and 489 transitions. [2022-02-20 18:00:45,030 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 124 [2022-02-20 18:00:45,030 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:45,030 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:45,030 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:00:45,031 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:45,031 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:45,031 INFO L85 PathProgramCache]: Analyzing trace with hash -943611344, now seen corresponding path program 1 times [2022-02-20 18:00:45,031 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:45,031 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [176862071] [2022-02-20 18:00:45,031 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:45,031 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:45,073 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:45,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {15558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,116 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,116 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15494#true} #829#return; {15494#true} is VALID [2022-02-20 18:00:45,136 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:45,137 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,139 INFO L290 TraceCheckUtils]: 0: Hoare triple {15559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,139 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,139 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,139 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15494#true} #831#return; {15494#true} is VALID [2022-02-20 18:00:45,139 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:45,141 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {15558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume !(1 == ~handle); {15494#true} is VALID [2022-02-20 18:00:45,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,144 INFO L290 TraceCheckUtils]: 3: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,145 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15494#true} {15494#true} #833#return; {15494#true} is VALID [2022-02-20 18:00:45,145 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:45,146 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,147 INFO L290 TraceCheckUtils]: 0: Hoare triple {15559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,148 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume !(1 == ~handle); {15494#true} is VALID [2022-02-20 18:00:45,148 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,148 INFO L290 TraceCheckUtils]: 3: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,148 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15494#true} {15494#true} #835#return; {15494#true} is VALID [2022-02-20 18:00:45,148 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:45,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:00:45,166 INFO L290 TraceCheckUtils]: 0: Hoare triple {15558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15560#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,179 INFO L290 TraceCheckUtils]: 1: Hoare triple {15560#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15560#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,180 INFO L290 TraceCheckUtils]: 2: Hoare triple {15560#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {15560#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,180 INFO L290 TraceCheckUtils]: 3: Hoare triple {15560#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {15561#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,180 INFO L290 TraceCheckUtils]: 4: Hoare triple {15561#(= 3 |setClientId_#in~handle|)} assume true; {15561#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,181 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {15561#(= 3 |setClientId_#in~handle|)} {15514#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #837#return; {15521#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:45,181 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:45,183 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,199 INFO L290 TraceCheckUtils]: 0: Hoare triple {15559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15562#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:45,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {15562#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15563#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:45,200 INFO L290 TraceCheckUtils]: 2: Hoare triple {15563#(= |setClientPrivateKey_#in~handle| 1)} assume true; {15563#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:45,200 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15563#(= |setClientPrivateKey_#in~handle| 1)} {15521#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #839#return; {15495#false} is VALID [2022-02-20 18:00:45,207 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:00:45,208 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,210 INFO L290 TraceCheckUtils]: 0: Hoare triple {15564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,210 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,223 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,223 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15495#false} #825#return; {15495#false} is VALID [2022-02-20 18:00:45,223 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:00:45,227 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {15494#true} ~handle 
:= #in~handle;havoc ~retValue_acc~30; {15494#true} is VALID [2022-02-20 18:00:45,229 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {15494#true} is VALID [2022-02-20 18:00:45,229 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,229 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15495#false} #787#return; {15495#false} is VALID [2022-02-20 18:00:45,229 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:00:45,230 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,231 INFO L290 TraceCheckUtils]: 0: Hoare triple {15564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,231 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,231 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,231 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15495#false} #793#return; {15495#false} is VALID [2022-02-20 18:00:45,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:00:45,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {15494#true} ~handle := #in~handle;havoc ~retValue_acc~33; {15494#true} is VALID [2022-02-20 18:00:45,234 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {15494#true} is VALID [2022-02-20 18:00:45,234 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,234 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15495#false} #795#return; {15495#false} is VALID [2022-02-20 18:00:45,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:00:45,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {15494#true} ~handle := #in~handle;havoc ~retValue_acc~30; {15494#true} is VALID [2022-02-20 18:00:45,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {15494#true} is VALID [2022-02-20 18:00:45,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,236 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15495#false} #797#return; {15495#false} is VALID [2022-02-20 18:00:45,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:00:45,244 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,246 INFO L290 TraceCheckUtils]: 0: Hoare triple {15494#true} ~handle := #in~handle;havoc ~retValue_acc~19; {15494#true} is VALID [2022-02-20 18:00:45,246 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {15494#true} is VALID [2022-02-20 18:00:45,246 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,247 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15495#false} #799#return; {15495#false} is VALID [2022-02-20 18:00:45,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:00:45,248 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:00:45,249 INFO L290 TraceCheckUtils]: 0: Hoare triple {15494#true} ~handle := #in~handle;havoc ~retValue_acc~34; {15494#true} is VALID [2022-02-20 18:00:45,249 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {15494#true} is VALID [2022-02-20 18:00:45,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,250 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15495#false} #801#return; {15495#false} is VALID [2022-02-20 18:00:45,250 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 18:00:45,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:45,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {15494#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {15494#true} is VALID [2022-02-20 18:00:45,255 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {15494#true} is VALID [2022-02-20 18:00:45,255 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,271 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15494#true} {15495#false} #803#return; {15495#false} is VALID [2022-02-20 18:00:45,271 INFO L290 TraceCheckUtils]: 0: Hoare triple {15494#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call 
#Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {15494#true} is VALID [2022-02-20 18:00:45,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {15494#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {15494#true} is VALID [2022-02-20 18:00:45,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {15494#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15494#true} is VALID [2022-02-20 18:00:45,272 INFO L290 TraceCheckUtils]: 3: Hoare triple {15494#true} assume { :end_inline_select_features } true;assume { 
:begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {15494#true} is VALID [2022-02-20 18:00:45,272 INFO L290 TraceCheckUtils]: 4: Hoare triple {15494#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {15494#true} is VALID [2022-02-20 18:00:45,272 INFO L290 TraceCheckUtils]: 5: Hoare triple {15494#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15494#true} is VALID [2022-02-20 18:00:45,273 INFO L272 TraceCheckUtils]: 6: Hoare triple {15494#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:45,273 INFO L290 
TraceCheckUtils]: 7: Hoare triple {15558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,273 INFO L290 TraceCheckUtils]: 8: Hoare triple {15494#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,273 INFO L290 TraceCheckUtils]: 9: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,273 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15494#true} {15494#true} #829#return; {15494#true} is VALID [2022-02-20 18:00:45,273 INFO L290 TraceCheckUtils]: 11: Hoare triple {15494#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15494#true} is VALID [2022-02-20 18:00:45,274 INFO L272 TraceCheckUtils]: 12: Hoare triple {15494#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:45,274 INFO L290 TraceCheckUtils]: 13: Hoare triple {15559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,274 INFO L290 TraceCheckUtils]: 14: Hoare triple {15494#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,274 INFO L290 TraceCheckUtils]: 15: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,274 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15494#true} {15494#true} #831#return; {15494#true} is 
VALID [2022-02-20 18:00:45,274 INFO L290 TraceCheckUtils]: 17: Hoare triple {15494#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15494#true} is VALID [2022-02-20 18:00:45,275 INFO L272 TraceCheckUtils]: 18: Hoare triple {15494#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:45,275 INFO L290 TraceCheckUtils]: 19: Hoare triple {15558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,275 INFO L290 TraceCheckUtils]: 20: Hoare triple {15494#true} assume !(1 == ~handle); {15494#true} is VALID [2022-02-20 18:00:45,275 INFO L290 TraceCheckUtils]: 21: Hoare triple {15494#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,275 INFO L290 TraceCheckUtils]: 22: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,276 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15494#true} {15494#true} #833#return; {15494#true} is VALID [2022-02-20 18:00:45,276 INFO L290 TraceCheckUtils]: 24: Hoare triple 
{15494#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15494#true} is VALID [2022-02-20 18:00:45,276 INFO L272 TraceCheckUtils]: 25: Hoare triple {15494#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:45,276 INFO L290 TraceCheckUtils]: 26: Hoare triple {15559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,276 INFO L290 TraceCheckUtils]: 27: Hoare triple {15494#true} assume !(1 == ~handle); {15494#true} is VALID [2022-02-20 18:00:45,276 INFO L290 TraceCheckUtils]: 28: Hoare triple {15494#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,277 INFO L290 TraceCheckUtils]: 29: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,277 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15494#true} {15494#true} #835#return; {15494#true} is VALID [2022-02-20 18:00:45,277 INFO L290 TraceCheckUtils]: 31: Hoare triple {15494#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {15514#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:45,278 INFO L272 TraceCheckUtils]: 32: Hoare triple {15514#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:45,278 INFO L290 TraceCheckUtils]: 33: Hoare triple {15558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15560#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,278 INFO L290 TraceCheckUtils]: 34: Hoare triple {15560#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15560#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,279 INFO L290 TraceCheckUtils]: 35: Hoare triple {15560#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {15560#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,279 INFO L290 TraceCheckUtils]: 36: Hoare triple {15560#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {15561#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,279 INFO L290 TraceCheckUtils]: 37: Hoare triple {15561#(= 3 |setClientId_#in~handle|)} assume true; {15561#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:45,280 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {15561#(= 3 |setClientId_#in~handle|)} 
{15514#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #837#return; {15521#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:45,280 INFO L290 TraceCheckUtils]: 39: Hoare triple {15521#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {15521#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:00:45,281 INFO L272 TraceCheckUtils]: 40: Hoare triple {15521#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:45,281 INFO L290 TraceCheckUtils]: 41: Hoare triple {15559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15562#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:45,281 INFO L290 TraceCheckUtils]: 42: Hoare triple {15562#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15563#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:45,281 INFO L290 TraceCheckUtils]: 43: Hoare triple {15563#(= |setClientPrivateKey_#in~handle| 1)} assume true; {15563#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:00:45,282 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {15563#(= |setClientPrivateKey_#in~handle| 1)} {15521#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #839#return; {15495#false} is VALID [2022-02-20 18:00:45,282 INFO L290 TraceCheckUtils]: 45: 
Hoare triple {15495#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {15495#false} is VALID [2022-02-20 18:00:45,282 INFO L290 TraceCheckUtils]: 46: Hoare triple {15495#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15495#false} is VALID [2022-02-20 18:00:45,282 INFO L290 TraceCheckUtils]: 47: Hoare triple {15495#false} assume !false; {15495#false} is VALID [2022-02-20 18:00:45,282 INFO L290 TraceCheckUtils]: 48: Hoare triple {15495#false} assume test_~splverifierCounter~0#1 < 4; 
{15495#false} is VALID [2022-02-20 18:00:45,282 INFO L290 TraceCheckUtils]: 49: Hoare triple {15495#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15495#false} is VALID [2022-02-20 18:00:45,283 INFO L290 TraceCheckUtils]: 50: Hoare triple {15495#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {15495#false} is VALID [2022-02-20 18:00:45,283 INFO L290 TraceCheckUtils]: 51: Hoare triple {15495#false} assume !(0 != test_~tmp___9~0#1); {15495#false} is VALID [2022-02-20 18:00:45,283 INFO L290 TraceCheckUtils]: 52: Hoare triple {15495#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {15495#false} is VALID [2022-02-20 18:00:45,283 INFO L290 TraceCheckUtils]: 53: Hoare triple {15495#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {15495#false} is VALID [2022-02-20 18:00:45,283 INFO L290 TraceCheckUtils]: 54: Hoare triple {15495#false} assume !false; {15495#false} is VALID [2022-02-20 18:00:45,283 INFO L290 TraceCheckUtils]: 55: Hoare triple {15495#false} assume !(test_~splverifierCounter~0#1 < 4); {15495#false} is VALID [2022-02-20 18:00:45,283 INFO L290 TraceCheckUtils]: 56: Hoare triple {15495#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {15495#false} is VALID [2022-02-20 18:00:45,283 INFO L272 TraceCheckUtils]: 57: Hoare triple {15495#false} call sendEmail(~bob~0, ~rjh~0); {15495#false} is VALID [2022-02-20 
18:00:45,283 INFO L290 TraceCheckUtils]: 58: Hoare triple {15495#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15495#false} is VALID [2022-02-20 18:00:45,283 INFO L272 TraceCheckUtils]: 59: Hoare triple {15495#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:45,284 INFO L290 TraceCheckUtils]: 60: Hoare triple {15564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,284 INFO L290 TraceCheckUtils]: 61: Hoare triple {15494#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,284 INFO L290 TraceCheckUtils]: 62: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,284 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {15494#true} {15495#false} #825#return; {15495#false} is VALID [2022-02-20 18:00:45,284 INFO L290 TraceCheckUtils]: 64: Hoare triple {15495#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {15495#false} is VALID [2022-02-20 18:00:45,284 INFO L290 TraceCheckUtils]: 65: Hoare triple {15495#false} 
assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {15495#false} is VALID [2022-02-20 18:00:45,284 INFO L290 TraceCheckUtils]: 66: Hoare triple {15495#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {15495#false} is VALID [2022-02-20 18:00:45,284 INFO L290 TraceCheckUtils]: 67: Hoare triple {15495#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {15495#false} is VALID [2022-02-20 18:00:45,284 INFO L272 TraceCheckUtils]: 68: Hoare triple {15495#false} call outgoing(~sender#1, ~email~0#1); {15495#false} is VALID [2022-02-20 18:00:45,285 INFO L290 TraceCheckUtils]: 69: Hoare triple {15495#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {15495#false} is VALID [2022-02-20 18:00:45,285 INFO L272 TraceCheckUtils]: 70: Hoare triple {15495#false} call #t~ret67#1 := getEmailTo(~msg#1); {15494#true} is VALID [2022-02-20 18:00:45,285 INFO L290 TraceCheckUtils]: 71: Hoare triple {15494#true} ~handle := #in~handle;havoc ~retValue_acc~30; {15494#true} is VALID [2022-02-20 18:00:45,285 INFO L290 TraceCheckUtils]: 72: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {15494#true} is VALID [2022-02-20 18:00:45,285 INFO L290 TraceCheckUtils]: 73: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,285 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {15494#true} {15495#false} #787#return; {15495#false} is VALID [2022-02-20 18:00:45,285 INFO L290 TraceCheckUtils]: 75: Hoare triple {15495#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { 
:begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {15495#false} is VALID [2022-02-20 18:00:45,285 INFO L290 TraceCheckUtils]: 76: Hoare triple {15495#false} assume 1 == findPublicKey_~handle#1; {15495#false} is VALID [2022-02-20 18:00:45,285 INFO L290 TraceCheckUtils]: 77: Hoare triple {15495#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {15495#false} is VALID [2022-02-20 18:00:45,286 INFO L290 TraceCheckUtils]: 78: Hoare triple {15495#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {15495#false} is VALID [2022-02-20 18:00:45,286 INFO L290 TraceCheckUtils]: 79: Hoare triple {15495#false} assume !(0 != ~pubkey~0#1); {15495#false} is VALID [2022-02-20 18:00:45,286 INFO L290 TraceCheckUtils]: 80: Hoare triple {15495#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc 
getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {15495#false} is VALID [2022-02-20 18:00:45,286 INFO L290 TraceCheckUtils]: 81: Hoare triple {15495#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {15495#false} is VALID [2022-02-20 18:00:45,286 INFO L290 TraceCheckUtils]: 82: Hoare triple {15495#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {15495#false} is VALID [2022-02-20 18:00:45,286 INFO L272 TraceCheckUtils]: 83: Hoare triple {15495#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {15564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:45,286 INFO L290 TraceCheckUtils]: 84: Hoare triple {15564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15494#true} is VALID [2022-02-20 18:00:45,286 INFO L290 TraceCheckUtils]: 85: Hoare triple {15494#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15494#true} is VALID [2022-02-20 18:00:45,286 INFO L290 TraceCheckUtils]: 86: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,286 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {15494#true} {15495#false} #793#return; {15495#false} is VALID [2022-02-20 18:00:45,287 INFO L290 TraceCheckUtils]: 88: Hoare triple {15495#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {15495#false} is VALID [2022-02-20 18:00:45,287 INFO L272 TraceCheckUtils]: 89: Hoare triple {15495#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {15494#true} is VALID [2022-02-20 18:00:45,287 INFO L290 TraceCheckUtils]: 90: Hoare triple {15494#true} ~handle := #in~handle;havoc ~retValue_acc~33; {15494#true} is VALID [2022-02-20 18:00:45,287 INFO L290 TraceCheckUtils]: 91: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {15494#true} is VALID [2022-02-20 18:00:45,287 INFO L290 TraceCheckUtils]: 92: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,287 INFO L284 
TraceCheckUtils]: 93: Hoare quadruple {15494#true} {15495#false} #795#return; {15495#false} is VALID [2022-02-20 18:00:45,287 INFO L290 TraceCheckUtils]: 94: Hoare triple {15495#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {15495#false} is VALID [2022-02-20 18:00:45,287 INFO L290 TraceCheckUtils]: 95: Hoare triple {15495#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {15495#false} is VALID [2022-02-20 18:00:45,287 INFO L272 TraceCheckUtils]: 96: Hoare triple {15495#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {15494#true} is VALID [2022-02-20 18:00:45,288 INFO L290 TraceCheckUtils]: 97: Hoare triple {15494#true} ~handle := #in~handle;havoc ~retValue_acc~30; {15494#true} is VALID [2022-02-20 18:00:45,288 INFO L290 TraceCheckUtils]: 98: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {15494#true} is VALID [2022-02-20 18:00:45,288 INFO L290 TraceCheckUtils]: 99: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,288 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {15494#true} {15495#false} #797#return; {15495#false} is VALID [2022-02-20 18:00:45,288 INFO L290 TraceCheckUtils]: 101: Hoare triple {15495#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := 
mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {15495#false} is VALID [2022-02-20 18:00:45,288 INFO L290 TraceCheckUtils]: 102: Hoare triple {15495#false} assume 1 == ~sent_encrypted~0; {15495#false} is VALID [2022-02-20 18:00:45,288 INFO L272 TraceCheckUtils]: 103: Hoare triple {15495#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {15494#true} is VALID [2022-02-20 18:00:45,288 INFO L290 TraceCheckUtils]: 104: Hoare triple {15494#true} ~handle := #in~handle;havoc ~retValue_acc~19; {15494#true} is VALID [2022-02-20 18:00:45,290 INFO L290 TraceCheckUtils]: 105: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {15494#true} is VALID [2022-02-20 18:00:45,290 INFO L290 TraceCheckUtils]: 106: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,290 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {15494#true} {15495#false} #799#return; {15495#false} is VALID [2022-02-20 18:00:45,290 INFO L290 TraceCheckUtils]: 108: Hoare triple {15495#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {15495#false} is VALID [2022-02-20 18:00:45,290 INFO L272 TraceCheckUtils]: 109: Hoare triple {15495#false} call 
__utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {15494#true} is VALID [2022-02-20 18:00:45,290 INFO L290 TraceCheckUtils]: 110: Hoare triple {15494#true} ~handle := #in~handle;havoc ~retValue_acc~34; {15494#true} is VALID [2022-02-20 18:00:45,291 INFO L290 TraceCheckUtils]: 111: Hoare triple {15494#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {15494#true} is VALID [2022-02-20 18:00:45,291 INFO L290 TraceCheckUtils]: 112: Hoare triple {15494#true} assume true; {15494#true} is VALID [2022-02-20 18:00:45,291 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {15494#true} {15495#false} #801#return; {15495#false} is VALID [2022-02-20 18:00:45,291 INFO L290 TraceCheckUtils]: 114: Hoare triple {15495#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {15495#false} is VALID [2022-02-20 18:00:45,291 INFO L272 TraceCheckUtils]: 115: Hoare triple {15495#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {15494#true} is VALID [2022-02-20 18:00:45,291 INFO L290 TraceCheckUtils]: 116: Hoare triple {15494#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {15494#true} is VALID [2022-02-20 18:00:45,291 INFO L290 TraceCheckUtils]: 117: Hoare triple {15494#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {15494#true} is VALID [2022-02-20 18:00:45,291 INFO L290 TraceCheckUtils]: 118: Hoare triple {15494#true} assume true; {15494#true} 
is VALID [2022-02-20 18:00:45,291 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {15494#true} {15495#false} #803#return; {15495#false} is VALID [2022-02-20 18:00:45,292 INFO L290 TraceCheckUtils]: 120: Hoare triple {15495#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {15495#false} is VALID [2022-02-20 18:00:45,292 INFO L290 TraceCheckUtils]: 121: Hoare triple {15495#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {15495#false} is VALID [2022-02-20 18:00:45,292 INFO L290 TraceCheckUtils]: 122: Hoare triple {15495#false} assume !false; {15495#false} is VALID [2022-02-20 18:00:45,292 INFO L134 CoverageAnalysis]: Checked inductivity of 35 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:00:45,292 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:45,292 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [176862071] [2022-02-20 18:00:45,292 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [176862071] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:45,293 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:00:45,293 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 18:00:45,293 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [957787266] [2022-02-20 18:00:45,293 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:45,293 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 8.2) internal successors, (82), 8 states have internal predecessors, (82), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 123 [2022-02-20 18:00:45,294 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:45,294 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 8.2) internal successors, (82), 8 states have internal predecessors, (82), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:00:45,396 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 112 edges. 112 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:45,397 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:00:45,397 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:45,397 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. 
[2022-02-20 18:00:45,398 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:00:45,398 INFO L87 Difference]: Start difference. First operand 319 states and 489 transitions. Second operand has 11 states, 10 states have (on average 8.2) internal successors, (82), 8 states have internal predecessors, (82), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:00:52,714 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:52,714 INFO L93 Difference]: Finished difference Result 665 states and 1024 transitions. [2022-02-20 18:00:52,714 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:00:52,715 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 8.2) internal successors, (82), 8 states have internal predecessors, (82), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 123 [2022-02-20 18:00:52,716 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:52,731 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 8.2) internal successors, (82), 8 states have internal predecessors, (82), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:00:52,737 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 858 transitions. 
[2022-02-20 18:00:52,738 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 8.2) internal successors, (82), 8 states have internal predecessors, (82), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:00:52,743 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 858 transitions. [2022-02-20 18:00:52,743 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 858 transitions. [2022-02-20 18:00:53,653 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 858 edges. 858 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:53,661 INFO L225 Difference]: With dead ends: 665 [2022-02-20 18:00:53,662 INFO L226 Difference]: Without dead ends: 373 [2022-02-20 18:00:53,663 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:00:53,663 INFO L933 BasicCegarLoop]: 412 mSDtfsCounter, 796 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2251 mSolverCounterSat, 270 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 796 SdHoareTripleChecker+Valid, 1364 SdHoareTripleChecker+Invalid, 2521 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 270 IncrementalHoareTripleChecker+Valid, 2251 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.3s IncrementalHoareTripleChecker+Time [2022-02-20 
18:00:53,663 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [796 Valid, 1364 Invalid, 2521 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [270 Valid, 2251 Invalid, 0 Unknown, 0 Unchecked, 3.3s Time] [2022-02-20 18:00:53,664 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 373 states. [2022-02-20 18:00:53,754 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 373 to 319. [2022-02-20 18:00:53,755 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:53,761 INFO L82 GeneralOperation]: Start isEquivalent. First operand 373 states. Second operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) [2022-02-20 18:00:53,762 INFO L74 IsIncluded]: Start isIncluded. First operand 373 states. Second operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) [2022-02-20 18:00:53,764 INFO L87 Difference]: Start difference. First operand 373 states. Second operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) [2022-02-20 18:00:53,774 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:00:53,774 INFO L93 Difference]: Finished difference Result 373 states and 572 transitions. [2022-02-20 18:00:53,774 INFO L276 IsEmpty]: Start isEmpty. Operand 373 states and 572 transitions. [2022-02-20 18:00:53,776 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:53,776 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:53,777 INFO L74 IsIncluded]: Start isIncluded. First operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) Second operand 373 states. [2022-02-20 18:00:53,778 INFO L87 Difference]: Start difference. First operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) Second operand 373 states. [2022-02-20 18:00:53,787 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:53,787 INFO L93 Difference]: Finished difference Result 373 states and 572 transitions. [2022-02-20 18:00:53,787 INFO L276 IsEmpty]: Start isEmpty. Operand 373 states and 572 transitions. [2022-02-20 18:00:53,788 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:53,788 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:53,789 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:53,789 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:53,789 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 319 states, 244 states have (on average 1.5327868852459017) internal successors, (374), 250 states have internal predecessors, (374), 54 states have call successors, (54), 17 states have call predecessors, (54), 20 states have return successors, (60), 53 states have call predecessors, (60), 53 states have call successors, (60) [2022-02-20 18:00:53,796 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 319 states to 319 states and 488 transitions. [2022-02-20 18:00:53,797 INFO L78 Accepts]: Start accepts. Automaton has 319 states and 488 transitions. Word has length 123 [2022-02-20 18:00:53,797 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:53,797 INFO L470 AbstractCegarLoop]: Abstraction has 319 states and 488 transitions. [2022-02-20 18:00:53,797 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 8.2) internal successors, (82), 8 states have internal predecessors, (82), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:00:53,797 INFO L276 IsEmpty]: Start isEmpty. Operand 319 states and 488 transitions. [2022-02-20 18:00:53,799 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 125 [2022-02-20 18:00:53,799 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:53,799 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:53,800 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:00:53,800 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:53,800 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:53,800 INFO L85 PathProgramCache]: Analyzing trace with hash 334111285, now seen corresponding path program 2 times [2022-02-20 18:00:53,800 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:53,800 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1580565232] [2022-02-20 18:00:53,800 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:53,801 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:53,838 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,862 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:53,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,865 INFO L290 TraceCheckUtils]: 0: Hoare triple {17793#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,866 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,866 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,866 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17728#true} {17728#true} #829#return; {17728#true} is VALID [2022-02-20 18:00:53,871 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:53,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,874 INFO L290 TraceCheckUtils]: 0: Hoare triple {17794#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,874 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,874 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,874 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17728#true} {17728#true} #831#return; {17728#true} is VALID [2022-02-20 18:00:53,874 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:53,875 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,878 INFO L290 TraceCheckUtils]: 0: Hoare triple {17793#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,878 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume !(1 == ~handle); {17728#true} is VALID [2022-02-20 18:00:53,878 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,878 INFO L290 TraceCheckUtils]: 3: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,878 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17728#true} {17728#true} #833#return; {17728#true} is VALID [2022-02-20 18:00:53,878 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:00:53,880 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,883 INFO L290 TraceCheckUtils]: 0: Hoare triple {17794#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,883 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume !(1 == ~handle); {17728#true} is VALID [2022-02-20 18:00:53,883 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,883 INFO L290 TraceCheckUtils]: 3: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,883 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17728#true} {17728#true} #835#return; {17728#true} is VALID [2022-02-20 18:00:53,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:00:53,885 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:00:53,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {17793#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17795#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,898 INFO L290 TraceCheckUtils]: 1: Hoare triple {17795#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17795#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,898 INFO L290 TraceCheckUtils]: 2: Hoare triple {17795#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {17795#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,898 INFO L290 TraceCheckUtils]: 3: Hoare triple {17795#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17796#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,899 INFO L290 TraceCheckUtils]: 4: Hoare triple {17796#(= 3 |setClientId_#in~handle|)} assume true; {17796#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,899 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17796#(= 3 |setClientId_#in~handle|)} {17748#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #837#return; {17755#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:53,899 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:00:53,901 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {17794#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17797#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:53,915 INFO L290 TraceCheckUtils]: 1: Hoare triple {17797#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {17797#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:53,915 INFO L290 TraceCheckUtils]: 2: Hoare triple {17797#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17798#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:53,915 INFO L290 TraceCheckUtils]: 3: Hoare triple {17798#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {17798#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:53,916 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17798#(= 2 |setClientPrivateKey_#in~handle|)} {17755#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #839#return; {17729#false} is VALID [2022-02-20 18:00:53,923 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:00:53,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,928 INFO L290 TraceCheckUtils]: 0: Hoare triple {17799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,928 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,928 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,928 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17728#true} {17729#false} #825#return; {17729#false} is VALID [2022-02-20 18:00:53,928 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:00:53,929 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,930 INFO L290 TraceCheckUtils]: 0: Hoare triple {17728#true} ~handle := #in~handle;havoc ~retValue_acc~30; {17728#true} is VALID [2022-02-20 18:00:53,930 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {17728#true} is VALID [2022-02-20 18:00:53,931 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,931 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17728#true} {17729#false} #787#return; {17729#false} is VALID [2022-02-20 18:00:53,931 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:00:53,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,933 INFO L290 TraceCheckUtils]: 0: Hoare triple {17799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,933 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,933 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,933 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17728#true} {17729#false} #793#return; {17729#false} is VALID [2022-02-20 18:00:53,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:00:53,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {17728#true} ~handle := #in~handle;havoc ~retValue_acc~33; {17728#true} is 
VALID [2022-02-20 18:00:53,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {17728#true} is VALID [2022-02-20 18:00:53,935 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,935 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17728#true} {17729#false} #795#return; {17729#false} is VALID [2022-02-20 18:00:53,935 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:00:53,938 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,939 INFO L290 TraceCheckUtils]: 0: Hoare triple {17728#true} ~handle := #in~handle;havoc ~retValue_acc~30; {17728#true} is VALID [2022-02-20 18:00:53,939 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {17728#true} is VALID [2022-02-20 18:00:53,939 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,939 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17728#true} {17729#false} #797#return; {17729#false} is VALID [2022-02-20 18:00:53,939 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:00:53,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {17728#true} ~handle := #in~handle;havoc ~retValue_acc~19; {17728#true} is VALID [2022-02-20 18:00:53,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {17728#true} is VALID [2022-02-20 18:00:53,942 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,942 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {17728#true} {17729#false} #799#return; {17729#false} is VALID [2022-02-20 18:00:53,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:00:53,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,944 INFO L290 TraceCheckUtils]: 0: Hoare triple {17728#true} ~handle := #in~handle;havoc ~retValue_acc~34; {17728#true} is VALID [2022-02-20 18:00:53,944 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {17728#true} is VALID [2022-02-20 18:00:53,944 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,944 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17728#true} {17729#false} #801#return; {17729#false} is VALID [2022-02-20 18:00:53,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:00:53,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:53,947 INFO L290 TraceCheckUtils]: 0: Hoare triple {17728#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {17728#true} is VALID [2022-02-20 18:00:53,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {17728#true} is VALID [2022-02-20 18:00:53,948 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,948 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17728#true} {17729#false} #803#return; {17729#false} is VALID [2022-02-20 18:00:53,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {17728#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == 
#valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 
0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 
0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {17728#true} is VALID [2022-02-20 18:00:53,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {17728#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {17728#true} is VALID [2022-02-20 18:00:53,948 INFO L290 TraceCheckUtils]: 2: Hoare triple {17728#true} assume { 
:end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17728#true} is VALID [2022-02-20 18:00:53,948 INFO L290 TraceCheckUtils]: 3: Hoare triple {17728#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {17728#true} is VALID [2022-02-20 18:00:53,948 INFO L290 TraceCheckUtils]: 4: Hoare triple {17728#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {17728#true} is VALID [2022-02-20 18:00:53,949 INFO L290 TraceCheckUtils]: 5: Hoare triple {17728#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {17728#true} is VALID [2022-02-20 18:00:53,949 INFO L272 TraceCheckUtils]: 6: Hoare triple {17728#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {17793#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:53,949 INFO L290 TraceCheckUtils]: 7: Hoare triple {17793#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,949 INFO L290 TraceCheckUtils]: 8: Hoare triple {17728#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,949 INFO L290 TraceCheckUtils]: 9: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,950 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17728#true} {17728#true} #829#return; {17728#true} is VALID [2022-02-20 18:00:53,950 INFO L290 TraceCheckUtils]: 11: Hoare triple {17728#true} assume { :end_inline_setup_bob__wrappee__Base } true; {17728#true} is VALID [2022-02-20 18:00:53,950 INFO L272 TraceCheckUtils]: 12: Hoare triple {17728#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {17794#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:53,950 INFO L290 TraceCheckUtils]: 13: Hoare triple {17794#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,950 INFO L290 TraceCheckUtils]: 14: Hoare triple {17728#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17728#true} is VALID 
[2022-02-20 18:00:53,951 INFO L290 TraceCheckUtils]: 15: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,951 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17728#true} {17728#true} #831#return; {17728#true} is VALID [2022-02-20 18:00:53,951 INFO L290 TraceCheckUtils]: 17: Hoare triple {17728#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {17728#true} is VALID [2022-02-20 18:00:53,951 INFO L272 TraceCheckUtils]: 18: Hoare triple {17728#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {17793#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:53,951 INFO L290 TraceCheckUtils]: 19: Hoare triple {17793#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,951 INFO L290 TraceCheckUtils]: 20: Hoare triple {17728#true} assume !(1 == ~handle); {17728#true} is VALID [2022-02-20 18:00:53,952 INFO L290 TraceCheckUtils]: 21: Hoare triple {17728#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,952 INFO L290 TraceCheckUtils]: 22: Hoare triple {17728#true} 
assume true; {17728#true} is VALID [2022-02-20 18:00:53,952 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {17728#true} {17728#true} #833#return; {17728#true} is VALID [2022-02-20 18:00:53,952 INFO L290 TraceCheckUtils]: 24: Hoare triple {17728#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {17728#true} is VALID [2022-02-20 18:00:53,952 INFO L272 TraceCheckUtils]: 25: Hoare triple {17728#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {17794#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:53,953 INFO L290 TraceCheckUtils]: 26: Hoare triple {17794#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,953 INFO L290 TraceCheckUtils]: 27: Hoare triple {17728#true} assume !(1 == ~handle); {17728#true} is VALID [2022-02-20 18:00:53,953 INFO L290 TraceCheckUtils]: 28: Hoare triple {17728#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,953 INFO L290 TraceCheckUtils]: 29: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,953 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {17728#true} {17728#true} #835#return; {17728#true} is VALID [2022-02-20 18:00:53,953 INFO L290 TraceCheckUtils]: 31: Hoare triple {17728#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { 
:begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {17748#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:00:53,954 INFO L272 TraceCheckUtils]: 32: Hoare triple {17748#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {17793#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:53,954 INFO L290 TraceCheckUtils]: 33: Hoare triple {17793#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17795#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,954 INFO L290 TraceCheckUtils]: 34: Hoare triple {17795#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17795#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,955 INFO L290 TraceCheckUtils]: 35: Hoare triple {17795#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {17795#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,955 INFO L290 TraceCheckUtils]: 36: Hoare triple {17795#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17796#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,955 INFO L290 TraceCheckUtils]: 37: Hoare triple 
{17796#(= 3 |setClientId_#in~handle|)} assume true; {17796#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:53,956 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {17796#(= 3 |setClientId_#in~handle|)} {17748#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #837#return; {17755#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:53,956 INFO L290 TraceCheckUtils]: 39: Hoare triple {17755#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {17755#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:00:53,957 INFO L272 TraceCheckUtils]: 40: Hoare triple {17755#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {17794#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:53,957 INFO L290 TraceCheckUtils]: 41: Hoare triple {17794#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17797#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:53,957 INFO L290 TraceCheckUtils]: 42: Hoare triple {17797#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {17797#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:53,957 INFO L290 TraceCheckUtils]: 43: Hoare triple {17797#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17798#(= 2 |setClientPrivateKey_#in~handle|)} is VALID 
[2022-02-20 18:00:53,958 INFO L290 TraceCheckUtils]: 44: Hoare triple {17798#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {17798#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:00:53,958 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {17798#(= 2 |setClientPrivateKey_#in~handle|)} {17755#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #839#return; {17729#false} is VALID [2022-02-20 18:00:53,958 INFO L290 TraceCheckUtils]: 46: Hoare triple {17729#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {17729#false} is VALID [2022-02-20 18:00:53,958 INFO L290 TraceCheckUtils]: 47: Hoare triple {17729#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 
0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17729#false} is VALID [2022-02-20 18:00:53,958 INFO L290 TraceCheckUtils]: 48: Hoare triple {17729#false} assume !false; {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L290 TraceCheckUtils]: 49: Hoare triple {17729#false} assume test_~splverifierCounter~0#1 < 4; {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L290 TraceCheckUtils]: 50: Hoare triple {17729#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L290 TraceCheckUtils]: 51: Hoare triple {17729#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L290 TraceCheckUtils]: 52: Hoare triple {17729#false} assume !(0 != test_~tmp___9~0#1); {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L290 TraceCheckUtils]: 53: Hoare triple {17729#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L290 TraceCheckUtils]: 54: Hoare triple {17729#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L290 TraceCheckUtils]: 55: Hoare triple {17729#false} assume !false; {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L290 TraceCheckUtils]: 56: Hoare triple {17729#false} assume !(test_~splverifierCounter~0#1 < 4); {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L290 TraceCheckUtils]: 57: Hoare triple {17729#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, 
bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {17729#false} is VALID [2022-02-20 18:00:53,959 INFO L272 TraceCheckUtils]: 58: Hoare triple {17729#false} call sendEmail(~bob~0, ~rjh~0); {17729#false} is VALID [2022-02-20 18:00:53,960 INFO L290 TraceCheckUtils]: 59: Hoare triple {17729#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17729#false} is VALID [2022-02-20 18:00:53,960 INFO L272 TraceCheckUtils]: 60: Hoare triple {17729#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:53,960 INFO L290 TraceCheckUtils]: 61: Hoare triple {17799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,960 INFO L290 TraceCheckUtils]: 62: Hoare triple {17728#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17728#true} is VALID [2022-02-20 18:00:53,960 INFO L290 TraceCheckUtils]: 63: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,960 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {17728#true} {17729#false} #825#return; {17729#false} is VALID 
[2022-02-20 18:00:53,960 INFO L290 TraceCheckUtils]: 65: Hoare triple {17729#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {17729#false} is VALID [2022-02-20 18:00:53,960 INFO L290 TraceCheckUtils]: 66: Hoare triple {17729#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {17729#false} is VALID [2022-02-20 18:00:53,960 INFO L290 TraceCheckUtils]: 67: Hoare triple {17729#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {17729#false} is VALID [2022-02-20 18:00:53,960 INFO L290 TraceCheckUtils]: 68: Hoare triple {17729#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {17729#false} is VALID [2022-02-20 18:00:53,961 INFO L272 TraceCheckUtils]: 69: Hoare triple {17729#false} call outgoing(~sender#1, ~email~0#1); {17729#false} is VALID [2022-02-20 18:00:53,961 INFO L290 TraceCheckUtils]: 70: Hoare triple {17729#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {17729#false} is VALID [2022-02-20 18:00:53,961 INFO L272 TraceCheckUtils]: 71: Hoare triple {17729#false} call #t~ret67#1 := getEmailTo(~msg#1); {17728#true} is VALID [2022-02-20 18:00:53,961 INFO L290 TraceCheckUtils]: 72: Hoare triple {17728#true} ~handle := #in~handle;havoc ~retValue_acc~30; {17728#true} is VALID [2022-02-20 18:00:53,961 INFO L290 TraceCheckUtils]: 73: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {17728#true} is VALID [2022-02-20 
18:00:53,961 INFO L290 TraceCheckUtils]: 74: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,961 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {17728#true} {17729#false} #787#return; {17729#false} is VALID [2022-02-20 18:00:53,961 INFO L290 TraceCheckUtils]: 76: Hoare triple {17729#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {17729#false} is VALID [2022-02-20 18:00:53,961 INFO L290 TraceCheckUtils]: 77: Hoare triple {17729#false} assume 1 == findPublicKey_~handle#1; {17729#false} is VALID [2022-02-20 18:00:53,962 INFO L290 TraceCheckUtils]: 78: Hoare triple {17729#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {17729#false} is VALID [2022-02-20 18:00:53,962 INFO L290 TraceCheckUtils]: 79: Hoare triple {17729#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {17729#false} is VALID [2022-02-20 18:00:53,962 INFO L290 TraceCheckUtils]: 80: Hoare triple {17729#false} assume !(0 != ~pubkey~0#1); {17729#false} is VALID [2022-02-20 18:00:53,962 INFO L290 TraceCheckUtils]: 81: Hoare triple {17729#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, 
~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {17729#false} is VALID [2022-02-20 18:00:53,962 INFO L290 TraceCheckUtils]: 82: Hoare triple {17729#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {17729#false} is VALID [2022-02-20 18:00:53,962 INFO L290 TraceCheckUtils]: 83: Hoare triple {17729#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {17729#false} is VALID [2022-02-20 18:00:53,962 INFO L272 TraceCheckUtils]: 84: Hoare triple {17729#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {17799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:53,962 INFO L290 TraceCheckUtils]: 85: Hoare triple {17799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17728#true} is VALID [2022-02-20 18:00:53,962 INFO L290 TraceCheckUtils]: 86: Hoare triple {17728#true} assume 1 == ~handle;~__ste_email_from0~0 := 
~value; {17728#true} is VALID [2022-02-20 18:00:53,962 INFO L290 TraceCheckUtils]: 87: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,963 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {17728#true} {17729#false} #793#return; {17729#false} is VALID [2022-02-20 18:00:53,963 INFO L290 TraceCheckUtils]: 89: Hoare triple {17729#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {17729#false} is VALID [2022-02-20 18:00:53,963 INFO L272 TraceCheckUtils]: 90: Hoare triple {17729#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {17728#true} is VALID [2022-02-20 18:00:53,963 INFO L290 TraceCheckUtils]: 91: Hoare triple 
{17728#true} ~handle := #in~handle;havoc ~retValue_acc~33; {17728#true} is VALID [2022-02-20 18:00:53,963 INFO L290 TraceCheckUtils]: 92: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {17728#true} is VALID [2022-02-20 18:00:53,963 INFO L290 TraceCheckUtils]: 93: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,963 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {17728#true} {17729#false} #795#return; {17729#false} is VALID [2022-02-20 18:00:53,963 INFO L290 TraceCheckUtils]: 95: Hoare triple {17729#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {17729#false} is VALID [2022-02-20 18:00:53,963 INFO L290 TraceCheckUtils]: 96: Hoare triple {17729#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {17729#false} is VALID [2022-02-20 18:00:53,963 INFO L272 TraceCheckUtils]: 97: Hoare triple {17729#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {17728#true} is VALID [2022-02-20 18:00:53,964 INFO L290 TraceCheckUtils]: 98: Hoare triple {17728#true} ~handle := #in~handle;havoc ~retValue_acc~30; {17728#true} is VALID [2022-02-20 18:00:53,964 INFO L290 TraceCheckUtils]: 99: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {17728#true} is VALID [2022-02-20 18:00:53,964 INFO L290 TraceCheckUtils]: 100: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 
18:00:53,964 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {17728#true} {17729#false} #797#return; {17729#false} is VALID [2022-02-20 18:00:53,964 INFO L290 TraceCheckUtils]: 102: Hoare triple {17729#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {17729#false} is VALID [2022-02-20 18:00:53,964 INFO L290 TraceCheckUtils]: 103: Hoare triple {17729#false} assume 1 == ~sent_encrypted~0; {17729#false} is VALID [2022-02-20 18:00:53,964 INFO L272 TraceCheckUtils]: 104: Hoare triple {17729#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {17728#true} is VALID [2022-02-20 18:00:53,964 INFO L290 TraceCheckUtils]: 105: Hoare triple {17728#true} ~handle := #in~handle;havoc ~retValue_acc~19; {17728#true} is VALID [2022-02-20 18:00:53,964 INFO L290 TraceCheckUtils]: 106: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {17728#true} is VALID [2022-02-20 18:00:53,965 INFO L290 TraceCheckUtils]: 107: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,965 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {17728#true} {17729#false} #799#return; {17729#false} is VALID [2022-02-20 18:00:53,965 INFO L290 
TraceCheckUtils]: 109: Hoare triple {17729#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {17729#false} is VALID [2022-02-20 18:00:53,965 INFO L272 TraceCheckUtils]: 110: Hoare triple {17729#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {17728#true} is VALID [2022-02-20 18:00:53,965 INFO L290 TraceCheckUtils]: 111: Hoare triple {17728#true} ~handle := #in~handle;havoc ~retValue_acc~34; {17728#true} is VALID [2022-02-20 18:00:53,965 INFO L290 TraceCheckUtils]: 112: Hoare triple {17728#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {17728#true} is VALID [2022-02-20 18:00:53,965 INFO L290 TraceCheckUtils]: 113: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,965 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {17728#true} {17729#false} #801#return; {17729#false} is VALID [2022-02-20 18:00:53,965 INFO L290 TraceCheckUtils]: 115: Hoare triple {17729#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {17729#false} is VALID [2022-02-20 18:00:53,965 INFO L272 TraceCheckUtils]: 116: Hoare triple {17729#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {17728#true} is VALID [2022-02-20 18:00:53,966 INFO L290 TraceCheckUtils]: 117: Hoare triple {17728#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc 
~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {17728#true} is VALID [2022-02-20 18:00:53,966 INFO L290 TraceCheckUtils]: 118: Hoare triple {17728#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {17728#true} is VALID [2022-02-20 18:00:53,966 INFO L290 TraceCheckUtils]: 119: Hoare triple {17728#true} assume true; {17728#true} is VALID [2022-02-20 18:00:53,966 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {17728#true} {17729#false} #803#return; {17729#false} is VALID [2022-02-20 18:00:53,966 INFO L290 TraceCheckUtils]: 121: Hoare triple {17729#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {17729#false} is VALID [2022-02-20 18:00:53,966 INFO L290 TraceCheckUtils]: 122: Hoare triple {17729#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {17729#false} is VALID [2022-02-20 18:00:53,966 INFO L290 TraceCheckUtils]: 123: Hoare triple {17729#false} assume !false; {17729#false} is VALID [2022-02-20 18:00:53,967 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:00:53,967 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:53,967 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1580565232] [2022-02-20 18:00:53,967 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1580565232] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:53,967 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:53,967 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 18:00:53,967 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1374747604] [2022-02-20 18:00:53,967 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:53,968 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 8.3) internal successors, (83), 8 states have internal predecessors, (83), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 124 [2022-02-20 18:00:53,968 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:53,968 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 8.3) internal successors, (83), 8 states have internal predecessors, (83), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:00:54,056 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 113 edges. 113 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:54,057 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:00:54,057 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:54,058 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 18:00:54,058 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:00:54,058 INFO L87 Difference]: Start difference. First operand 319 states and 488 transitions. Second operand has 11 states, 10 states have (on average 8.3) internal successors, (83), 8 states have internal predecessors, (83), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:00:59,612 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:59,612 INFO L93 Difference]: Finished difference Result 667 states and 1030 transitions. [2022-02-20 18:00:59,612 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:00:59,613 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 8.3) internal successors, (83), 8 states have internal predecessors, (83), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 124 [2022-02-20 18:00:59,613 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:59,613 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 11 states, 10 states have (on average 8.3) internal successors, (83), 8 states have internal predecessors, (83), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:00:59,618 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 859 transitions. [2022-02-20 18:00:59,618 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 8.3) internal successors, (83), 8 states have internal predecessors, (83), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:00:59,623 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 859 transitions. [2022-02-20 18:00:59,623 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 859 transitions. [2022-02-20 18:01:00,090 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 859 edges. 859 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:00,098 INFO L225 Difference]: With dead ends: 667 [2022-02-20 18:01:00,098 INFO L226 Difference]: Without dead ends: 375 [2022-02-20 18:01:00,099 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:01:00,100 INFO L933 BasicCegarLoop]: 413 mSDtfsCounter, 792 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2282 mSolverCounterSat, 266 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 792 SdHoareTripleChecker+Valid, 1365 SdHoareTripleChecker+Invalid, 2548 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 266 IncrementalHoareTripleChecker+Valid, 2282 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:00,101 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [792 Valid, 1365 Invalid, 2548 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [266 Valid, 2282 Invalid, 0 Unknown, 0 Unchecked, 2.5s Time] [2022-02-20 18:01:00,101 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 375 states. [2022-02-20 18:01:00,166 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 375 to 321. [2022-02-20 18:01:00,166 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:00,168 INFO L82 GeneralOperation]: Start isEquivalent. First operand 375 states. 
Second operand has 321 states, 245 states have (on average 1.530612244897959) internal successors, (375), 252 states have internal predecessors, (375), 54 states have call successors, (54), 17 states have call predecessors, (54), 21 states have return successors, (65), 53 states have call predecessors, (65), 53 states have call successors, (65) [2022-02-20 18:01:00,169 INFO L74 IsIncluded]: Start isIncluded. First operand 375 states. Second operand has 321 states, 245 states have (on average 1.530612244897959) internal successors, (375), 252 states have internal predecessors, (375), 54 states have call successors, (54), 17 states have call predecessors, (54), 21 states have return successors, (65), 53 states have call predecessors, (65), 53 states have call successors, (65) [2022-02-20 18:01:00,169 INFO L87 Difference]: Start difference. First operand 375 states. Second operand has 321 states, 245 states have (on average 1.530612244897959) internal successors, (375), 252 states have internal predecessors, (375), 54 states have call successors, (54), 17 states have call predecessors, (54), 21 states have return successors, (65), 53 states have call predecessors, (65), 53 states have call successors, (65) [2022-02-20 18:01:00,177 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:00,177 INFO L93 Difference]: Finished difference Result 375 states and 578 transitions. [2022-02-20 18:01:00,177 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 578 transitions. [2022-02-20 18:01:00,178 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:00,178 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:00,179 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 321 states, 245 states have (on average 1.530612244897959) internal successors, (375), 252 states have internal predecessors, (375), 54 states have call successors, (54), 17 states have call predecessors, (54), 21 states have return successors, (65), 53 states have call predecessors, (65), 53 states have call successors, (65) Second operand 375 states. [2022-02-20 18:01:00,179 INFO L87 Difference]: Start difference. First operand has 321 states, 245 states have (on average 1.530612244897959) internal successors, (375), 252 states have internal predecessors, (375), 54 states have call successors, (54), 17 states have call predecessors, (54), 21 states have return successors, (65), 53 states have call predecessors, (65), 53 states have call successors, (65) Second operand 375 states. [2022-02-20 18:01:00,188 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:00,188 INFO L93 Difference]: Finished difference Result 375 states and 578 transitions. [2022-02-20 18:01:00,188 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 578 transitions. [2022-02-20 18:01:00,189 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:00,189 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:00,190 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:00,190 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:00,190 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 321 states, 245 states have (on average 1.530612244897959) internal successors, (375), 252 states have internal predecessors, (375), 54 states have call successors, (54), 17 states have call predecessors, (54), 21 states have return successors, (65), 53 states have call predecessors, (65), 53 states have call successors, (65) [2022-02-20 18:01:00,198 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 321 states to 321 states and 494 transitions. [2022-02-20 18:01:00,199 INFO L78 Accepts]: Start accepts. Automaton has 321 states and 494 transitions. Word has length 124 [2022-02-20 18:01:00,199 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:00,199 INFO L470 AbstractCegarLoop]: Abstraction has 321 states and 494 transitions. [2022-02-20 18:01:00,199 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 8.3) internal successors, (83), 8 states have internal predecessors, (83), 4 states have call successors, (16), 5 states have call predecessors, (16), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:01:00,200 INFO L276 IsEmpty]: Start isEmpty. Operand 321 states and 494 transitions. [2022-02-20 18:01:00,201 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 126 [2022-02-20 18:01:00,201 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:00,201 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:00,201 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:01:00,201 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:00,201 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:00,202 INFO L85 PathProgramCache]: Analyzing trace with hash -1355788075, now seen corresponding path program 1 times [2022-02-20 
18:01:00,202 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:00,202 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1282767001] [2022-02-20 18:01:00,202 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:00,202 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:00,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,266 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:00,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,269 INFO L290 TraceCheckUtils]: 0: Hoare triple {20037#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,269 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,269 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19971#true} #829#return; {19971#true} is VALID [2022-02-20 18:01:00,274 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:00,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,277 INFO L290 TraceCheckUtils]: 0: Hoare triple {20038#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,277 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,277 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,277 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19971#true} #831#return; {19971#true} is VALID [2022-02-20 18:01:00,277 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:00,279 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {20037#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,280 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,280 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,280 INFO L290 TraceCheckUtils]: 3: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,280 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19971#true} {19971#true} #833#return; {19971#true} is VALID [2022-02-20 18:01:00,280 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:00,281 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,283 INFO L290 TraceCheckUtils]: 0: Hoare triple {20038#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) 
(= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,283 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,283 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,283 INFO L290 TraceCheckUtils]: 3: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,283 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19971#true} {19971#true} #835#return; {19971#true} is VALID [2022-02-20 18:01:00,283 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:00,284 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,287 INFO L290 TraceCheckUtils]: 0: Hoare triple {20037#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,287 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,287 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume !(2 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,287 INFO L290 TraceCheckUtils]: 3: Hoare triple {19971#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,287 INFO L290 TraceCheckUtils]: 4: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,287 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19971#true} {19971#true} #837#return; {19971#true} is VALID [2022-02-20 18:01:00,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 40 [2022-02-20 18:01:00,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,290 INFO L290 TraceCheckUtils]: 0: Hoare triple {20038#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,290 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,290 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume !(2 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,290 INFO L290 TraceCheckUtils]: 3: Hoare triple {19971#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,290 INFO L290 TraceCheckUtils]: 4: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,291 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19971#true} {19971#true} #839#return; {19971#true} is VALID [2022-02-20 18:01:00,295 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:01:00,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,297 INFO L290 TraceCheckUtils]: 0: Hoare triple {20039#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,297 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,297 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,297 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19972#false} #825#return; {19972#false} is 
VALID [2022-02-20 18:01:00,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:01:00,298 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,299 INFO L290 TraceCheckUtils]: 0: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:00,299 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:00,299 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,299 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19972#false} #787#return; {19972#false} is VALID [2022-02-20 18:01:00,299 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:01:00,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,302 INFO L290 TraceCheckUtils]: 0: Hoare triple {20039#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,302 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,302 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,302 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19972#false} #793#return; {19972#false} is VALID [2022-02-20 18:01:00,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:01:00,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,304 INFO L290 TraceCheckUtils]: 0: Hoare triple {19971#true} ~handle := 
#in~handle;havoc ~retValue_acc~33; {19971#true} is VALID [2022-02-20 18:01:00,304 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {19971#true} is VALID [2022-02-20 18:01:00,304 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,304 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19972#false} #795#return; {19972#false} is VALID [2022-02-20 18:01:00,304 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:01:00,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:00,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:00,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,307 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19972#false} #797#return; {19972#false} is VALID [2022-02-20 18:01:00,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:01:00,307 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~19; {19971#true} is VALID [2022-02-20 18:01:00,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {19971#true} is VALID [2022-02-20 18:01:00,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 
18:01:00,309 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19972#false} #799#return; {19972#false} is VALID [2022-02-20 18:01:00,309 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:01:00,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,310 INFO L290 TraceCheckUtils]: 0: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~34; {19971#true} is VALID [2022-02-20 18:01:00,310 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {19971#true} is VALID [2022-02-20 18:01:00,310 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,311 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19972#false} #801#return; {19972#false} is VALID [2022-02-20 18:01:00,311 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 18:01:00,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {19971#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {19971#true} is VALID [2022-02-20 18:01:00,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {19971#true} is VALID [2022-02-20 18:01:00,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,313 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19971#true} {19972#false} #803#return; {19972#false} is VALID [2022-02-20 18:01:00,313 INFO L290 TraceCheckUtils]: 0: Hoare triple {19971#true} assume { :begin_inline_ULTIMATE.init } 
true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 
0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {19971#true} is VALID [2022-02-20 18:01:00,313 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {19971#true} is VALID [2022-02-20 18:01:00,313 INFO 
L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19971#true} is VALID [2022-02-20 18:01:00,313 INFO L290 TraceCheckUtils]: 3: Hoare triple {19971#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {19971#true} is VALID [2022-02-20 18:01:00,313 INFO L290 TraceCheckUtils]: 4: Hoare triple {19971#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {19971#true} is VALID [2022-02-20 18:01:00,313 INFO L290 TraceCheckUtils]: 5: Hoare triple {19971#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19971#true} is VALID [2022-02-20 18:01:00,314 INFO L272 TraceCheckUtils]: 6: Hoare triple {19971#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, 
setup_bob__wrappee__Base_~bob___0#1); {20037#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:00,314 INFO L290 TraceCheckUtils]: 7: Hoare triple {20037#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,314 INFO L290 TraceCheckUtils]: 8: Hoare triple {19971#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,314 INFO L290 TraceCheckUtils]: 9: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,314 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19971#true} {19971#true} #829#return; {19971#true} is VALID [2022-02-20 18:01:00,314 INFO L290 TraceCheckUtils]: 11: Hoare triple {19971#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19971#true} is VALID [2022-02-20 18:01:00,327 INFO L272 TraceCheckUtils]: 12: Hoare triple {19971#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {20038#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:00,327 INFO L290 TraceCheckUtils]: 13: Hoare triple {20038#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,327 INFO L290 TraceCheckUtils]: 14: Hoare triple {19971#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,327 INFO L290 TraceCheckUtils]: 15: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,327 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19971#true} {19971#true} #831#return; {19971#true} is VALID [2022-02-20 18:01:00,327 INFO L290 TraceCheckUtils]: 17: Hoare triple {19971#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19971#true} is VALID [2022-02-20 18:01:00,328 INFO L272 TraceCheckUtils]: 18: Hoare triple {19971#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {20037#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:00,328 INFO L290 TraceCheckUtils]: 19: Hoare triple {20037#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,328 INFO L290 TraceCheckUtils]: 20: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,328 INFO L290 TraceCheckUtils]: 21: Hoare triple {19971#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19971#true} is VALID [2022-02-20 
18:01:00,328 INFO L290 TraceCheckUtils]: 22: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,328 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19971#true} {19971#true} #833#return; {19971#true} is VALID [2022-02-20 18:01:00,328 INFO L290 TraceCheckUtils]: 24: Hoare triple {19971#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19971#true} is VALID [2022-02-20 18:01:00,329 INFO L272 TraceCheckUtils]: 25: Hoare triple {19971#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {20038#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:00,329 INFO L290 TraceCheckUtils]: 26: Hoare triple {20038#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,329 INFO L290 TraceCheckUtils]: 27: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,329 INFO L290 TraceCheckUtils]: 28: Hoare triple {19971#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,329 INFO L290 TraceCheckUtils]: 29: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,329 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19971#true} {19971#true} #835#return; {19971#true} is VALID [2022-02-20 18:01:00,330 INFO L290 TraceCheckUtils]: 31: Hoare triple {19971#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc 
setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19971#true} is VALID [2022-02-20 18:01:00,330 INFO L272 TraceCheckUtils]: 32: Hoare triple {19971#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {20037#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:00,330 INFO L290 TraceCheckUtils]: 33: Hoare triple {20037#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,330 INFO L290 TraceCheckUtils]: 34: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,330 INFO L290 TraceCheckUtils]: 35: Hoare triple {19971#true} assume !(2 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,330 INFO L290 TraceCheckUtils]: 36: Hoare triple {19971#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,331 INFO L290 TraceCheckUtils]: 37: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,331 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {19971#true} {19971#true} #837#return; {19971#true} is VALID [2022-02-20 18:01:00,331 INFO L290 TraceCheckUtils]: 39: Hoare triple {19971#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {19971#true} is VALID [2022-02-20 18:01:00,331 INFO L272 TraceCheckUtils]: 40: 
Hoare triple {19971#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {20038#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:00,331 INFO L290 TraceCheckUtils]: 41: Hoare triple {20038#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,332 INFO L290 TraceCheckUtils]: 42: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,332 INFO L290 TraceCheckUtils]: 43: Hoare triple {19971#true} assume !(2 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,332 INFO L290 TraceCheckUtils]: 44: Hoare triple {19971#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,332 INFO L290 TraceCheckUtils]: 45: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,332 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {19971#true} {19971#true} #839#return; {19971#true} is VALID [2022-02-20 18:01:00,332 INFO L290 TraceCheckUtils]: 47: Hoare triple {19971#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {19971#true} is VALID [2022-02-20 18:01:00,332 INFO L290 TraceCheckUtils]: 48: Hoare triple {19971#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, 
test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {20003#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:00,333 INFO L290 TraceCheckUtils]: 49: Hoare triple {20003#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {20003#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:00,333 INFO L290 TraceCheckUtils]: 50: Hoare triple {20003#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {20003#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:00,333 INFO L290 TraceCheckUtils]: 51: Hoare triple {20003#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,333 INFO L290 TraceCheckUtils]: 52: Hoare triple {20004#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,334 INFO L290 TraceCheckUtils]: 53: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,334 INFO L290 TraceCheckUtils]: 54: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,334 INFO L290 TraceCheckUtils]: 55: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,334 INFO L290 TraceCheckUtils]: 56: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,335 INFO L290 TraceCheckUtils]: 57: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {19972#false} is VALID [2022-02-20 18:01:00,335 INFO L290 TraceCheckUtils]: 58: Hoare triple {19972#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 
&& bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {19972#false} is VALID [2022-02-20 18:01:00,335 INFO L272 TraceCheckUtils]: 59: Hoare triple {19972#false} call sendEmail(~bob~0, ~rjh~0); {19972#false} is VALID [2022-02-20 18:01:00,335 INFO L290 TraceCheckUtils]: 60: Hoare triple {19972#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19972#false} is VALID [2022-02-20 18:01:00,335 INFO L272 TraceCheckUtils]: 61: Hoare triple {19972#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {20039#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:00,335 INFO L290 TraceCheckUtils]: 62: Hoare triple {20039#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,335 INFO L290 TraceCheckUtils]: 63: Hoare triple {19971#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,336 INFO L290 TraceCheckUtils]: 64: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,336 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {19971#true} {19972#false} #825#return; {19972#false} is VALID [2022-02-20 18:01:00,336 INFO L290 TraceCheckUtils]: 66: Hoare triple {19972#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc 
setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {19972#false} is VALID [2022-02-20 18:01:00,336 INFO L290 TraceCheckUtils]: 67: Hoare triple {19972#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {19972#false} is VALID [2022-02-20 18:01:00,336 INFO L290 TraceCheckUtils]: 68: Hoare triple {19972#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {19972#false} is VALID [2022-02-20 18:01:00,336 INFO L290 TraceCheckUtils]: 69: Hoare triple {19972#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {19972#false} is VALID [2022-02-20 18:01:00,336 INFO L272 TraceCheckUtils]: 70: Hoare triple {19972#false} call outgoing(~sender#1, ~email~0#1); {19972#false} is VALID [2022-02-20 18:01:00,336 INFO L290 TraceCheckUtils]: 71: Hoare triple {19972#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {19972#false} is VALID [2022-02-20 18:01:00,336 INFO L272 TraceCheckUtils]: 72: Hoare triple {19972#false} call #t~ret67#1 := getEmailTo(~msg#1); {19971#true} is VALID [2022-02-20 18:01:00,336 INFO L290 TraceCheckUtils]: 73: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:00,337 INFO L290 TraceCheckUtils]: 74: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:00,337 INFO L290 TraceCheckUtils]: 75: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,337 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {19971#true} {19972#false} #787#return; 
{19972#false} is VALID [2022-02-20 18:01:00,337 INFO L290 TraceCheckUtils]: 77: Hoare triple {19972#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {19972#false} is VALID [2022-02-20 18:01:00,337 INFO L290 TraceCheckUtils]: 78: Hoare triple {19972#false} assume 1 == findPublicKey_~handle#1; {19972#false} is VALID [2022-02-20 18:01:00,337 INFO L290 TraceCheckUtils]: 79: Hoare triple {19972#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {19972#false} is VALID [2022-02-20 18:01:00,337 INFO L290 TraceCheckUtils]: 80: Hoare triple {19972#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {19972#false} is VALID [2022-02-20 18:01:00,337 INFO L290 TraceCheckUtils]: 81: Hoare triple {19972#false} assume !(0 != ~pubkey~0#1); {19972#false} is VALID [2022-02-20 18:01:00,337 INFO L290 TraceCheckUtils]: 82: Hoare triple {19972#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {19972#false} is VALID [2022-02-20 18:01:00,338 INFO L290 TraceCheckUtils]: 83: Hoare triple {19972#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {19972#false} is VALID [2022-02-20 18:01:00,338 INFO L290 TraceCheckUtils]: 84: Hoare triple {19972#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {19972#false} is VALID [2022-02-20 18:01:00,338 INFO L272 TraceCheckUtils]: 85: Hoare triple {19972#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {20039#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:00,338 INFO L290 TraceCheckUtils]: 86: Hoare triple {20039#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,338 INFO L290 TraceCheckUtils]: 87: Hoare triple {19971#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,338 INFO L290 TraceCheckUtils]: 88: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,338 INFO L284 
TraceCheckUtils]: 89: Hoare quadruple {19971#true} {19972#false} #793#return; {19972#false} is VALID [2022-02-20 18:01:00,338 INFO L290 TraceCheckUtils]: 90: Hoare triple {19972#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {19972#false} is VALID [2022-02-20 18:01:00,338 INFO L272 TraceCheckUtils]: 91: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {19971#true} is VALID [2022-02-20 18:01:00,338 INFO L290 TraceCheckUtils]: 92: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~33; {19971#true} is VALID [2022-02-20 18:01:00,339 INFO L290 TraceCheckUtils]: 93: Hoare triple {19971#true} assume 1 == 
~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {19971#true} is VALID [2022-02-20 18:01:00,339 INFO L290 TraceCheckUtils]: 94: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,339 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {19971#true} {19972#false} #795#return; {19972#false} is VALID [2022-02-20 18:01:00,339 INFO L290 TraceCheckUtils]: 96: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {19972#false} is VALID [2022-02-20 18:01:00,339 INFO L290 TraceCheckUtils]: 97: Hoare triple {19972#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {19972#false} is VALID [2022-02-20 18:01:00,339 INFO L272 TraceCheckUtils]: 98: Hoare triple {19972#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {19971#true} is VALID [2022-02-20 18:01:00,339 INFO L290 TraceCheckUtils]: 99: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:00,339 INFO L290 TraceCheckUtils]: 100: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:00,339 INFO L290 TraceCheckUtils]: 101: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,339 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {19971#true} {19972#false} #797#return; {19972#false} is VALID [2022-02-20 18:01:00,340 INFO L290 
TraceCheckUtils]: 103: Hoare triple {19972#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {19972#false} is VALID [2022-02-20 18:01:00,340 INFO L290 TraceCheckUtils]: 104: Hoare triple {19972#false} assume 1 == ~sent_encrypted~0; {19972#false} is VALID [2022-02-20 18:01:00,340 INFO L272 TraceCheckUtils]: 105: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {19971#true} is VALID [2022-02-20 18:01:00,340 INFO L290 TraceCheckUtils]: 106: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~19; {19971#true} is VALID [2022-02-20 18:01:00,340 INFO L290 TraceCheckUtils]: 107: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {19971#true} is VALID [2022-02-20 18:01:00,340 INFO L290 TraceCheckUtils]: 108: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,340 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {19971#true} {19972#false} #799#return; {19972#false} is VALID [2022-02-20 18:01:00,340 INFO L290 TraceCheckUtils]: 110: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := 
__utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {19972#false} is VALID [2022-02-20 18:01:00,340 INFO L272 TraceCheckUtils]: 111: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {19971#true} is VALID [2022-02-20 18:01:00,341 INFO L290 TraceCheckUtils]: 112: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~34; {19971#true} is VALID [2022-02-20 18:01:00,341 INFO L290 TraceCheckUtils]: 113: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {19971#true} is VALID [2022-02-20 18:01:00,341 INFO L290 TraceCheckUtils]: 114: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,341 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {19971#true} {19972#false} #801#return; {19972#false} is VALID [2022-02-20 18:01:00,341 INFO L290 TraceCheckUtils]: 116: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {19972#false} is VALID [2022-02-20 18:01:00,341 INFO L272 TraceCheckUtils]: 117: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {19971#true} is VALID [2022-02-20 18:01:00,341 INFO L290 TraceCheckUtils]: 118: Hoare triple {19971#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {19971#true} is VALID [2022-02-20 18:01:00,341 INFO L290 TraceCheckUtils]: 119: Hoare triple 
{19971#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {19971#true} is VALID [2022-02-20 18:01:00,341 INFO L290 TraceCheckUtils]: 120: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,341 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {19971#true} {19972#false} #803#return; {19972#false} is VALID [2022-02-20 18:01:00,342 INFO L290 TraceCheckUtils]: 122: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {19972#false} is VALID [2022-02-20 18:01:00,342 INFO L290 TraceCheckUtils]: 123: Hoare triple {19972#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {19972#false} is VALID [2022-02-20 18:01:00,342 INFO L290 TraceCheckUtils]: 124: Hoare triple {19972#false} assume !false; {19972#false} is VALID [2022-02-20 18:01:00,342 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. 
[2022-02-20 18:01:00,342 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:00,342 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1282767001] [2022-02-20 18:01:00,342 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1282767001] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:00,342 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [120275520] [2022-02-20 18:01:00,343 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:00,343 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:00,343 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:00,381 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:00,382 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:01:00,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,582 INFO L263 TraceCheckSpWp]: Trace formula consists of 1053 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:01:00,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,609 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:01:00,841 INFO L290 TraceCheckUtils]: 0: Hoare triple {19971#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {19971#true} is VALID [2022-02-20 18:01:00,842 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc 
main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {19971#true} is VALID [2022-02-20 18:01:00,842 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19971#true} is VALID [2022-02-20 18:01:00,842 INFO L290 TraceCheckUtils]: 3: Hoare triple {19971#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {19971#true} is VALID [2022-02-20 18:01:00,842 INFO L290 TraceCheckUtils]: 4: Hoare triple {19971#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {19971#true} is VALID [2022-02-20 18:01:00,842 INFO L290 TraceCheckUtils]: 5: Hoare triple {19971#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19971#true} is VALID [2022-02-20 18:01:00,842 
INFO L272 TraceCheckUtils]: 6: Hoare triple {19971#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19971#true} is VALID [2022-02-20 18:01:00,842 INFO L290 TraceCheckUtils]: 7: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,842 INFO L290 TraceCheckUtils]: 8: Hoare triple {19971#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,842 INFO L290 TraceCheckUtils]: 9: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,843 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19971#true} {19971#true} #829#return; {19971#true} is VALID [2022-02-20 18:01:00,843 INFO L290 TraceCheckUtils]: 11: Hoare triple {19971#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19971#true} is VALID [2022-02-20 18:01:00,843 INFO L272 TraceCheckUtils]: 12: Hoare triple {19971#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19971#true} is VALID [2022-02-20 18:01:00,843 INFO L290 TraceCheckUtils]: 13: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,843 INFO L290 TraceCheckUtils]: 14: Hoare triple {19971#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,843 INFO L290 TraceCheckUtils]: 15: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,843 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19971#true} {19971#true} #831#return; {19971#true} is VALID [2022-02-20 18:01:00,843 INFO L290 TraceCheckUtils]: 17: Hoare triple {19971#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19971#true} is VALID [2022-02-20 18:01:00,843 INFO L272 TraceCheckUtils]: 18: Hoare triple {19971#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19971#true} is VALID [2022-02-20 18:01:00,844 INFO L290 TraceCheckUtils]: 19: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,844 INFO L290 TraceCheckUtils]: 20: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,844 INFO L290 TraceCheckUtils]: 21: Hoare triple {19971#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,844 INFO L290 TraceCheckUtils]: 22: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,844 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19971#true} {19971#true} #833#return; {19971#true} is VALID [2022-02-20 18:01:00,844 INFO L290 TraceCheckUtils]: 24: Hoare triple {19971#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19971#true} is VALID [2022-02-20 18:01:00,844 INFO L272 TraceCheckUtils]: 25: Hoare triple {19971#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19971#true} is VALID [2022-02-20 18:01:00,844 INFO L290 TraceCheckUtils]: 26: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,845 INFO L290 TraceCheckUtils]: 27: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,845 INFO L290 TraceCheckUtils]: 28: Hoare triple {19971#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,845 INFO L290 TraceCheckUtils]: 29: Hoare triple {19971#true} assume true; 
{19971#true} is VALID [2022-02-20 18:01:00,845 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19971#true} {19971#true} #835#return; {19971#true} is VALID [2022-02-20 18:01:00,845 INFO L290 TraceCheckUtils]: 31: Hoare triple {19971#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19971#true} is VALID [2022-02-20 18:01:00,845 INFO L272 TraceCheckUtils]: 32: Hoare triple {19971#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19971#true} is VALID [2022-02-20 18:01:00,845 INFO L290 TraceCheckUtils]: 33: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,845 INFO L290 TraceCheckUtils]: 34: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,845 INFO L290 TraceCheckUtils]: 35: Hoare triple {19971#true} assume !(2 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,846 INFO L290 TraceCheckUtils]: 36: Hoare triple {19971#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,846 INFO L290 TraceCheckUtils]: 37: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,846 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {19971#true} {19971#true} #837#return; {19971#true} is VALID [2022-02-20 18:01:00,846 INFO L290 TraceCheckUtils]: 39: Hoare triple {19971#true} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{19971#true} is VALID [2022-02-20 18:01:00,846 INFO L272 TraceCheckUtils]: 40: Hoare triple {19971#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19971#true} is VALID [2022-02-20 18:01:00,846 INFO L290 TraceCheckUtils]: 41: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:00,846 INFO L290 TraceCheckUtils]: 42: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,846 INFO L290 TraceCheckUtils]: 43: Hoare triple {19971#true} assume !(2 == ~handle); {19971#true} is VALID [2022-02-20 18:01:00,846 INFO L290 TraceCheckUtils]: 44: Hoare triple {19971#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:00,846 INFO L290 TraceCheckUtils]: 45: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:00,847 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {19971#true} {19971#true} #839#return; {19971#true} is VALID [2022-02-20 18:01:00,847 INFO L290 TraceCheckUtils]: 47: Hoare triple {19971#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {19971#true} is VALID [2022-02-20 18:01:00,847 INFO L290 TraceCheckUtils]: 48: Hoare triple {19971#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, 
test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {20187#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:00,848 INFO L290 TraceCheckUtils]: 49: Hoare triple {20187#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {20187#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:00,848 INFO L290 TraceCheckUtils]: 50: Hoare triple {20187#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {20187#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:00,848 INFO L290 TraceCheckUtils]: 51: Hoare triple {20187#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,849 INFO L290 TraceCheckUtils]: 52: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,849 INFO 
L290 TraceCheckUtils]: 53: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,849 INFO L290 TraceCheckUtils]: 54: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,850 INFO L290 TraceCheckUtils]: 55: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,850 INFO L290 TraceCheckUtils]: 56: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:01:00,850 INFO L290 TraceCheckUtils]: 57: Hoare triple {20004#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {19972#false} is VALID [2022-02-20 18:01:00,851 INFO L290 TraceCheckUtils]: 58: Hoare triple {19972#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {19972#false} is VALID [2022-02-20 18:01:00,851 INFO L272 TraceCheckUtils]: 59: Hoare triple {19972#false} call sendEmail(~bob~0, ~rjh~0); {19972#false} is VALID [2022-02-20 18:01:00,851 INFO L290 TraceCheckUtils]: 60: Hoare triple {19972#false} ~sender#1 
:= #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L272 TraceCheckUtils]: 61: Hoare triple {19972#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L290 TraceCheckUtils]: 62: Hoare triple {19972#false} ~handle := #in~handle;~value := #in~value; {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L290 TraceCheckUtils]: 63: Hoare triple {19972#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L290 TraceCheckUtils]: 64: Hoare triple {19972#false} assume true; {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {19972#false} {19972#false} #825#return; {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L290 TraceCheckUtils]: 66: Hoare triple {19972#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L290 TraceCheckUtils]: 67: Hoare triple {19972#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L290 TraceCheckUtils]: 68: Hoare triple {19972#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := 
createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L290 TraceCheckUtils]: 69: Hoare triple {19972#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {19972#false} is VALID [2022-02-20 18:01:00,852 INFO L272 TraceCheckUtils]: 70: Hoare triple {19972#false} call outgoing(~sender#1, ~email~0#1); {19972#false} is VALID [2022-02-20 18:01:00,853 INFO L290 TraceCheckUtils]: 71: Hoare triple {19972#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {19972#false} is VALID [2022-02-20 18:01:00,853 INFO L272 TraceCheckUtils]: 72: Hoare triple {19972#false} call #t~ret67#1 := getEmailTo(~msg#1); {19972#false} is VALID [2022-02-20 18:01:00,853 INFO L290 TraceCheckUtils]: 73: Hoare triple {19972#false} ~handle := #in~handle;havoc ~retValue_acc~30; {19972#false} is VALID [2022-02-20 18:01:00,853 INFO L290 TraceCheckUtils]: 74: Hoare triple {19972#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {19972#false} is VALID [2022-02-20 18:01:00,853 INFO L290 TraceCheckUtils]: 75: Hoare triple {19972#false} assume true; {19972#false} is VALID [2022-02-20 18:01:00,853 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {19972#false} {19972#false} #787#return; {19972#false} is VALID [2022-02-20 18:01:00,853 INFO L290 TraceCheckUtils]: 77: Hoare triple {19972#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, 
findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {19972#false} is VALID [2022-02-20 18:01:00,853 INFO L290 TraceCheckUtils]: 78: Hoare triple {19972#false} assume 1 == findPublicKey_~handle#1; {19972#false} is VALID [2022-02-20 18:01:00,853 INFO L290 TraceCheckUtils]: 79: Hoare triple {19972#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {19972#false} is VALID [2022-02-20 18:01:00,854 INFO L290 TraceCheckUtils]: 80: Hoare triple {19972#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {19972#false} is VALID [2022-02-20 18:01:00,854 INFO L290 TraceCheckUtils]: 81: Hoare triple {19972#false} assume !(0 != ~pubkey~0#1); {19972#false} is VALID [2022-02-20 18:01:00,854 INFO L290 TraceCheckUtils]: 82: Hoare triple {19972#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {19972#false} is VALID [2022-02-20 18:01:00,854 INFO L290 
TraceCheckUtils]: 83: Hoare triple {19972#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {19972#false} is VALID [2022-02-20 18:01:00,854 INFO L290 TraceCheckUtils]: 84: Hoare triple {19972#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {19972#false} is VALID [2022-02-20 18:01:00,854 INFO L272 TraceCheckUtils]: 85: Hoare triple {19972#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {19972#false} is VALID [2022-02-20 18:01:00,854 INFO L290 TraceCheckUtils]: 86: Hoare triple {19972#false} ~handle := #in~handle;~value := #in~value; {19972#false} is VALID [2022-02-20 18:01:00,854 INFO L290 TraceCheckUtils]: 87: Hoare triple {19972#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19972#false} is VALID [2022-02-20 18:01:00,854 INFO L290 TraceCheckUtils]: 88: Hoare triple {19972#false} assume true; {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {19972#false} {19972#false} #793#return; {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L290 TraceCheckUtils]: 90: Hoare triple {19972#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } 
true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L272 TraceCheckUtils]: 91: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L290 TraceCheckUtils]: 92: Hoare triple {19972#false} ~handle := #in~handle;havoc ~retValue_acc~33; {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L290 TraceCheckUtils]: 93: Hoare triple {19972#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L290 TraceCheckUtils]: 94: Hoare triple {19972#false} assume true; {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {19972#false} {19972#false} #795#return; {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L290 TraceCheckUtils]: 96: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc 
__utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L290 TraceCheckUtils]: 97: Hoare triple {19972#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {19972#false} is VALID [2022-02-20 18:01:00,855 INFO L272 TraceCheckUtils]: 98: Hoare triple {19972#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {19972#false} is VALID [2022-02-20 18:01:00,856 INFO L290 TraceCheckUtils]: 99: Hoare triple {19972#false} ~handle := #in~handle;havoc ~retValue_acc~30; {19972#false} is VALID [2022-02-20 18:01:00,856 INFO L290 TraceCheckUtils]: 100: Hoare triple {19972#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {19972#false} is VALID [2022-02-20 18:01:00,856 INFO L290 TraceCheckUtils]: 101: Hoare triple {19972#false} assume true; {19972#false} is VALID [2022-02-20 18:01:00,856 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {19972#false} {19972#false} #797#return; {19972#false} is VALID [2022-02-20 18:01:00,856 INFO L290 TraceCheckUtils]: 103: Hoare triple {19972#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := 
incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc 
__utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {19972#false} is VALID [2022-02-20 18:01:00,856 INFO L290 TraceCheckUtils]: 104: Hoare triple {19972#false} assume 1 == ~sent_encrypted~0; {19972#false} is VALID [2022-02-20 18:01:00,856 INFO L272 TraceCheckUtils]: 105: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {19972#false} is VALID [2022-02-20 18:01:00,856 INFO L290 TraceCheckUtils]: 106: Hoare triple {19972#false} ~handle := #in~handle;havoc ~retValue_acc~19; {19972#false} is VALID [2022-02-20 18:01:00,856 INFO L290 TraceCheckUtils]: 107: Hoare triple {19972#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {19972#false} is VALID [2022-02-20 18:01:00,857 INFO L290 TraceCheckUtils]: 108: Hoare triple {19972#false} assume true; {19972#false} is VALID [2022-02-20 18:01:00,857 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {19972#false} {19972#false} #799#return; {19972#false} is VALID [2022-02-20 18:01:00,857 INFO L290 TraceCheckUtils]: 110: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {19972#false} is VALID [2022-02-20 18:01:00,857 INFO L272 TraceCheckUtils]: 111: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {19972#false} is VALID [2022-02-20 18:01:00,857 INFO L290 TraceCheckUtils]: 112: Hoare triple {19972#false} ~handle := #in~handle;havoc ~retValue_acc~34; {19972#false} is VALID [2022-02-20 18:01:00,857 INFO L290 TraceCheckUtils]: 113: Hoare triple {19972#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := 
~retValue_acc~34; {19972#false} is VALID [2022-02-20 18:01:00,857 INFO L290 TraceCheckUtils]: 114: Hoare triple {19972#false} assume true; {19972#false} is VALID [2022-02-20 18:01:00,857 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {19972#false} {19972#false} #801#return; {19972#false} is VALID [2022-02-20 18:01:00,857 INFO L290 TraceCheckUtils]: 116: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {19972#false} is VALID [2022-02-20 18:01:00,858 INFO L272 TraceCheckUtils]: 117: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {19972#false} is VALID [2022-02-20 18:01:00,858 INFO L290 TraceCheckUtils]: 118: Hoare triple {19972#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {19972#false} is VALID [2022-02-20 18:01:00,858 INFO L290 TraceCheckUtils]: 119: Hoare triple {19972#false} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {19972#false} is VALID [2022-02-20 18:01:00,858 INFO L290 TraceCheckUtils]: 120: Hoare triple {19972#false} assume true; {19972#false} is VALID [2022-02-20 18:01:00,858 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {19972#false} {19972#false} #803#return; {19972#false} is VALID [2022-02-20 18:01:00,858 INFO L290 TraceCheckUtils]: 122: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := 
__utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {19972#false} is VALID [2022-02-20 18:01:00,859 INFO L290 TraceCheckUtils]: 123: Hoare triple {19972#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {19972#false} is VALID [2022-02-20 18:01:00,859 INFO L290 TraceCheckUtils]: 124: Hoare triple {19972#false} assume !false; {19972#false} is VALID [2022-02-20 18:01:00,859 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:01:00,859 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:01:01,224 INFO L290 TraceCheckUtils]: 124: Hoare triple {19972#false} assume !false; {19972#false} is VALID [2022-02-20 18:01:01,225 INFO L290 TraceCheckUtils]: 123: Hoare triple {19972#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {19972#false} is VALID [2022-02-20 18:01:01,225 INFO L290 TraceCheckUtils]: 122: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {19972#false} is VALID [2022-02-20 18:01:01,225 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {19971#true} {19972#false} #803#return; {19972#false} is VALID [2022-02-20 18:01:01,225 INFO L290 TraceCheckUtils]: 120: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,225 INFO L290 TraceCheckUtils]: 119: Hoare triple {19971#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {19971#true} is VALID [2022-02-20 18:01:01,225 INFO L290 TraceCheckUtils]: 118: Hoare triple {19971#true} ~publicKey := 
#in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {19971#true} is VALID [2022-02-20 18:01:01,225 INFO L272 TraceCheckUtils]: 117: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {19971#true} is VALID [2022-02-20 18:01:01,226 INFO L290 TraceCheckUtils]: 116: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {19972#false} is VALID [2022-02-20 18:01:01,226 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {19971#true} {19972#false} #801#return; {19972#false} is VALID [2022-02-20 18:01:01,226 INFO L290 TraceCheckUtils]: 114: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,226 INFO L290 TraceCheckUtils]: 113: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {19971#true} is VALID [2022-02-20 18:01:01,226 INFO L290 TraceCheckUtils]: 112: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~34; {19971#true} is VALID [2022-02-20 18:01:01,226 INFO L272 TraceCheckUtils]: 111: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {19971#true} is VALID [2022-02-20 18:01:01,226 INFO L290 TraceCheckUtils]: 110: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := 
__utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {19972#false} is VALID [2022-02-20 18:01:01,226 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {19971#true} {19972#false} #799#return; {19972#false} is VALID [2022-02-20 18:01:01,226 INFO L290 TraceCheckUtils]: 108: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,227 INFO L290 TraceCheckUtils]: 107: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {19971#true} is VALID [2022-02-20 18:01:01,227 INFO L290 TraceCheckUtils]: 106: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~19; {19971#true} is VALID [2022-02-20 18:01:01,227 INFO L272 TraceCheckUtils]: 105: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {19971#true} is VALID [2022-02-20 18:01:01,227 INFO L290 TraceCheckUtils]: 104: Hoare triple {19972#false} assume 1 == ~sent_encrypted~0; {19972#false} is VALID [2022-02-20 18:01:01,227 INFO L290 TraceCheckUtils]: 103: Hoare triple {19972#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc 
incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {19972#false} is VALID [2022-02-20 18:01:01,227 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {19971#true} {19972#false} #797#return; {19972#false} is VALID 
[2022-02-20 18:01:01,227 INFO L290 TraceCheckUtils]: 101: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,227 INFO L290 TraceCheckUtils]: 100: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:01,227 INFO L290 TraceCheckUtils]: 99: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:01,228 INFO L272 TraceCheckUtils]: 98: Hoare triple {19972#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {19971#true} is VALID [2022-02-20 18:01:01,228 INFO L290 TraceCheckUtils]: 97: Hoare triple {19972#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {19972#false} is VALID [2022-02-20 18:01:01,228 INFO L290 TraceCheckUtils]: 96: Hoare triple {19972#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {19972#false} is VALID [2022-02-20 18:01:01,228 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {19971#true} {19972#false} #795#return; {19972#false} is VALID [2022-02-20 18:01:01,228 INFO L290 TraceCheckUtils]: 94: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,228 INFO L290 TraceCheckUtils]: 93: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {19971#true} is VALID [2022-02-20 18:01:01,228 INFO L290 TraceCheckUtils]: 92: Hoare triple {19971#true} ~handle := 
#in~handle;havoc ~retValue_acc~33; {19971#true} is VALID [2022-02-20 18:01:01,228 INFO L272 TraceCheckUtils]: 91: Hoare triple {19972#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {19971#true} is VALID [2022-02-20 18:01:01,228 INFO L290 TraceCheckUtils]: 90: Hoare triple {19972#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {19972#false} is VALID [2022-02-20 18:01:01,229 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {19971#true} {19972#false} #793#return; {19972#false} is VALID [2022-02-20 18:01:01,229 INFO L290 TraceCheckUtils]: 88: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,229 INFO L290 
TraceCheckUtils]: 87: Hoare triple {19971#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:01,229 INFO L290 TraceCheckUtils]: 86: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:01,229 INFO L272 TraceCheckUtils]: 85: Hoare triple {19972#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {19971#true} is VALID [2022-02-20 18:01:01,229 INFO L290 TraceCheckUtils]: 84: Hoare triple {19972#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {19972#false} is VALID [2022-02-20 18:01:01,229 INFO L290 TraceCheckUtils]: 83: Hoare triple {19972#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {19972#false} is VALID [2022-02-20 18:01:01,229 INFO L290 TraceCheckUtils]: 82: Hoare triple {19972#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {19972#false} is 
VALID [2022-02-20 18:01:01,230 INFO L290 TraceCheckUtils]: 81: Hoare triple {19972#false} assume !(0 != ~pubkey~0#1); {19972#false} is VALID [2022-02-20 18:01:01,230 INFO L290 TraceCheckUtils]: 80: Hoare triple {19972#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {19972#false} is VALID [2022-02-20 18:01:01,230 INFO L290 TraceCheckUtils]: 79: Hoare triple {19972#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {19972#false} is VALID [2022-02-20 18:01:01,230 INFO L290 TraceCheckUtils]: 78: Hoare triple {19972#false} assume 1 == findPublicKey_~handle#1; {19972#false} is VALID [2022-02-20 18:01:01,230 INFO L290 TraceCheckUtils]: 77: Hoare triple {19972#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {19972#false} is VALID [2022-02-20 18:01:01,230 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {19971#true} {19972#false} #787#return; {19972#false} is VALID [2022-02-20 18:01:01,230 INFO L290 TraceCheckUtils]: 75: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,230 INFO L290 TraceCheckUtils]: 74: Hoare triple {19971#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {19971#true} is VALID [2022-02-20 
18:01:01,230 INFO L290 TraceCheckUtils]: 73: Hoare triple {19971#true} ~handle := #in~handle;havoc ~retValue_acc~30; {19971#true} is VALID [2022-02-20 18:01:01,230 INFO L272 TraceCheckUtils]: 72: Hoare triple {19972#false} call #t~ret67#1 := getEmailTo(~msg#1); {19971#true} is VALID [2022-02-20 18:01:01,231 INFO L290 TraceCheckUtils]: 71: Hoare triple {19972#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {19972#false} is VALID [2022-02-20 18:01:01,231 INFO L272 TraceCheckUtils]: 70: Hoare triple {19972#false} call outgoing(~sender#1, ~email~0#1); {19972#false} is VALID [2022-02-20 18:01:01,231 INFO L290 TraceCheckUtils]: 69: Hoare triple {19972#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {19972#false} is VALID [2022-02-20 18:01:01,231 INFO L290 TraceCheckUtils]: 68: Hoare triple {19972#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {19972#false} is VALID [2022-02-20 18:01:01,231 INFO L290 TraceCheckUtils]: 67: Hoare triple {19972#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {19972#false} is VALID [2022-02-20 18:01:01,231 INFO L290 TraceCheckUtils]: 66: Hoare triple {19972#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {19972#false} is VALID [2022-02-20 18:01:01,231 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {19971#true} {19972#false} #825#return; {19972#false} is VALID [2022-02-20 18:01:01,231 INFO L290 TraceCheckUtils]: 64: Hoare triple {19971#true} 
assume true; {19971#true} is VALID [2022-02-20 18:01:01,231 INFO L290 TraceCheckUtils]: 63: Hoare triple {19971#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:01,232 INFO L290 TraceCheckUtils]: 62: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:01,232 INFO L272 TraceCheckUtils]: 61: Hoare triple {19972#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19971#true} is VALID [2022-02-20 18:01:01,232 INFO L290 TraceCheckUtils]: 60: Hoare triple {19972#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19972#false} is VALID [2022-02-20 18:01:01,232 INFO L272 TraceCheckUtils]: 59: Hoare triple {19972#false} call sendEmail(~bob~0, ~rjh~0); {19972#false} is VALID [2022-02-20 18:01:01,232 INFO L290 TraceCheckUtils]: 58: Hoare triple {19972#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {19972#false} is VALID [2022-02-20 18:01:01,232 INFO L290 TraceCheckUtils]: 57: Hoare triple {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {19972#false} is VALID [2022-02-20 18:01:01,233 
INFO L290 TraceCheckUtils]: 56: Hoare triple {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:01:01,233 INFO L290 TraceCheckUtils]: 55: Hoare triple {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:01:01,233 INFO L290 TraceCheckUtils]: 54: Hoare triple {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:01:01,234 INFO L290 TraceCheckUtils]: 53: Hoare triple {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:01:01,234 INFO L290 TraceCheckUtils]: 52: Hoare triple {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:01:01,234 INFO L290 TraceCheckUtils]: 51: Hoare triple {20636#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {20617#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:01:01,235 INFO L290 TraceCheckUtils]: 50: Hoare triple {20636#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {20636#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:01:01,235 INFO L290 TraceCheckUtils]: 49: Hoare triple {20636#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {20636#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:01:01,235 INFO L290 TraceCheckUtils]: 48: Hoare triple {19971#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {20636#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:01:01,235 INFO L290 TraceCheckUtils]: 47: Hoare triple {19971#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {19971#true} is VALID [2022-02-20 
18:01:01,235 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {19971#true} {19971#true} #839#return; {19971#true} is VALID [2022-02-20 18:01:01,236 INFO L290 TraceCheckUtils]: 45: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,236 INFO L290 TraceCheckUtils]: 44: Hoare triple {19971#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:01,236 INFO L290 TraceCheckUtils]: 43: Hoare triple {19971#true} assume !(2 == ~handle); {19971#true} is VALID [2022-02-20 18:01:01,236 INFO L290 TraceCheckUtils]: 42: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:01,236 INFO L290 TraceCheckUtils]: 41: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:01,236 INFO L272 TraceCheckUtils]: 40: Hoare triple {19971#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19971#true} is VALID [2022-02-20 18:01:01,236 INFO L290 TraceCheckUtils]: 39: Hoare triple {19971#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {19971#true} is VALID [2022-02-20 18:01:01,236 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {19971#true} {19971#true} #837#return; {19971#true} is VALID [2022-02-20 18:01:01,236 INFO L290 TraceCheckUtils]: 37: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,237 INFO L290 TraceCheckUtils]: 36: Hoare triple {19971#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:01,237 INFO L290 TraceCheckUtils]: 35: Hoare triple {19971#true} assume !(2 == ~handle); {19971#true} is VALID [2022-02-20 18:01:01,237 INFO L290 TraceCheckUtils]: 34: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:01,237 INFO L290 TraceCheckUtils]: 33: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:01,237 INFO L272 
TraceCheckUtils]: 32: Hoare triple {19971#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19971#true} is VALID [2022-02-20 18:01:01,237 INFO L290 TraceCheckUtils]: 31: Hoare triple {19971#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19971#true} is VALID [2022-02-20 18:01:01,237 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19971#true} {19971#true} #835#return; {19971#true} is VALID [2022-02-20 18:01:01,237 INFO L290 TraceCheckUtils]: 29: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,237 INFO L290 TraceCheckUtils]: 28: Hoare triple {19971#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:01,238 INFO L290 TraceCheckUtils]: 27: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:01,238 INFO L290 TraceCheckUtils]: 26: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:01,238 INFO L272 TraceCheckUtils]: 25: Hoare triple {19971#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19971#true} is VALID [2022-02-20 18:01:01,238 INFO L290 TraceCheckUtils]: 24: Hoare triple {19971#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19971#true} is VALID [2022-02-20 18:01:01,238 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19971#true} {19971#true} #833#return; {19971#true} is VALID 
[2022-02-20 18:01:01,238 INFO L290 TraceCheckUtils]: 22: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,238 INFO L290 TraceCheckUtils]: 21: Hoare triple {19971#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:01,238 INFO L290 TraceCheckUtils]: 20: Hoare triple {19971#true} assume !(1 == ~handle); {19971#true} is VALID [2022-02-20 18:01:01,238 INFO L290 TraceCheckUtils]: 19: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:01,238 INFO L272 TraceCheckUtils]: 18: Hoare triple {19971#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19971#true} is VALID [2022-02-20 18:01:01,239 INFO L290 TraceCheckUtils]: 17: Hoare triple {19971#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19971#true} is VALID [2022-02-20 18:01:01,239 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19971#true} {19971#true} #831#return; {19971#true} is VALID [2022-02-20 18:01:01,239 INFO L290 TraceCheckUtils]: 15: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,239 INFO L290 TraceCheckUtils]: 14: Hoare triple {19971#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:01,239 INFO L290 TraceCheckUtils]: 13: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:01,239 INFO L272 
TraceCheckUtils]: 12: Hoare triple {19971#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19971#true} is VALID [2022-02-20 18:01:01,239 INFO L290 TraceCheckUtils]: 11: Hoare triple {19971#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19971#true} is VALID [2022-02-20 18:01:01,239 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19971#true} {19971#true} #829#return; {19971#true} is VALID [2022-02-20 18:01:01,239 INFO L290 TraceCheckUtils]: 9: Hoare triple {19971#true} assume true; {19971#true} is VALID [2022-02-20 18:01:01,240 INFO L290 TraceCheckUtils]: 8: Hoare triple {19971#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19971#true} is VALID [2022-02-20 18:01:01,240 INFO L290 TraceCheckUtils]: 7: Hoare triple {19971#true} ~handle := #in~handle;~value := #in~value; {19971#true} is VALID [2022-02-20 18:01:01,240 INFO L272 TraceCheckUtils]: 6: Hoare triple {19971#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19971#true} is VALID [2022-02-20 18:01:01,240 INFO L290 TraceCheckUtils]: 5: Hoare triple {19971#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := 
setup_bob__wrappee__Base_#in~bob___0#1; {19971#true} is VALID [2022-02-20 18:01:01,240 INFO L290 TraceCheckUtils]: 4: Hoare triple {19971#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {19971#true} is VALID [2022-02-20 18:01:01,240 INFO L290 TraceCheckUtils]: 3: Hoare triple {19971#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {19971#true} is VALID [2022-02-20 18:01:01,240 INFO L290 TraceCheckUtils]: 2: Hoare triple {19971#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19971#true} is VALID [2022-02-20 18:01:01,240 INFO L290 TraceCheckUtils]: 1: Hoare triple {19971#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {19971#true} is VALID [2022-02-20 18:01:01,240 INFO L290 TraceCheckUtils]: 0: Hoare triple {19971#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call 
#Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 
0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 
0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {19971#true} is VALID [2022-02-20 18:01:01,241 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:01:01,241 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [120275520] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:01:01,241 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:01:01,241 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 4, 4] total 10 [2022-02-20 18:01:01,241 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1477186446] [2022-02-20 18:01:01,241 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:01:01,242 INFO L78 Accepts]: Start accepts. 
Automaton has has 10 states, 10 states have (on average 11.4) internal successors, (114), 7 states have internal predecessors, (114), 2 states have call successors, (32), 5 states have call predecessors, (32), 2 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 125 [2022-02-20 18:01:02,391 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:02,392 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 11.4) internal successors, (114), 7 states have internal predecessors, (114), 2 states have call successors, (32), 5 states have call predecessors, (32), 2 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:02,542 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 168 edges. 168 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:02,542 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 18:01:02,542 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:02,543 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 18:01:02,543 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=63, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:02,543 INFO L87 Difference]: Start difference. First operand 321 states and 494 transitions. 
Second operand has 10 states, 10 states have (on average 11.4) internal successors, (114), 7 states have internal predecessors, (114), 2 states have call successors, (32), 5 states have call predecessors, (32), 2 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:06,773 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:06,773 INFO L93 Difference]: Finished difference Result 821 states and 1328 transitions. [2022-02-20 18:01:06,774 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 18:01:06,774 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 11.4) internal successors, (114), 7 states have internal predecessors, (114), 2 states have call successors, (32), 5 states have call predecessors, (32), 2 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 125 [2022-02-20 18:01:06,774 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:06,774 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 11.4) internal successors, (114), 7 states have internal predecessors, (114), 2 states have call successors, (32), 5 states have call predecessors, (32), 2 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:06,802 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1062 transitions. [2022-02-20 18:01:06,823 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 10 states, 10 states have (on average 11.4) internal successors, (114), 7 states have internal predecessors, (114), 2 states have call successors, (32), 5 states have call predecessors, (32), 2 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:06,833 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1062 transitions. [2022-02-20 18:01:06,833 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1062 transitions. [2022-02-20 18:01:07,676 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1062 edges. 1062 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:07,706 INFO L225 Difference]: With dead ends: 821 [2022-02-20 18:01:07,706 INFO L226 Difference]: Without dead ends: 702 [2022-02-20 18:01:07,707 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 287 GetRequests, 275 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=47, Invalid=135, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:01:07,708 INFO L933 BasicCegarLoop]: 512 mSDtfsCounter, 973 mSDsluCounter, 936 mSDsCounter, 0 mSdLazyCounter, 1517 mSolverCounterSat, 337 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1018 SdHoareTripleChecker+Valid, 1448 SdHoareTripleChecker+Invalid, 1854 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 337 IncrementalHoareTripleChecker+Valid, 1517 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:07,709 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1018 Valid, 
1448 Invalid, 1854 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [337 Valid, 1517 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-02-20 18:01:07,709 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 702 states. [2022-02-20 18:01:07,998 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 702 to 624. [2022-02-20 18:01:07,998 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:07,999 INFO L82 GeneralOperation]: Start isEquivalent. First operand 702 states. Second operand has 624 states, 484 states have (on average 1.5971074380165289) internal successors, (773), 491 states have internal predecessors, (773), 118 states have call successors, (118), 17 states have call predecessors, (118), 21 states have return successors, (139), 117 states have call predecessors, (139), 117 states have call successors, (139) [2022-02-20 18:01:08,001 INFO L74 IsIncluded]: Start isIncluded. First operand 702 states. Second operand has 624 states, 484 states have (on average 1.5971074380165289) internal successors, (773), 491 states have internal predecessors, (773), 118 states have call successors, (118), 17 states have call predecessors, (118), 21 states have return successors, (139), 117 states have call predecessors, (139), 117 states have call successors, (139) [2022-02-20 18:01:08,002 INFO L87 Difference]: Start difference. First operand 702 states. Second operand has 624 states, 484 states have (on average 1.5971074380165289) internal successors, (773), 491 states have internal predecessors, (773), 118 states have call successors, (118), 17 states have call predecessors, (118), 21 states have return successors, (139), 117 states have call predecessors, (139), 117 states have call successors, (139) [2022-02-20 18:01:08,024 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:01:08,024 INFO L93 Difference]: Finished difference Result 702 states and 1159 transitions. [2022-02-20 18:01:08,024 INFO L276 IsEmpty]: Start isEmpty. Operand 702 states and 1159 transitions. [2022-02-20 18:01:08,030 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:08,030 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:08,032 INFO L74 IsIncluded]: Start isIncluded. First operand has 624 states, 484 states have (on average 1.5971074380165289) internal successors, (773), 491 states have internal predecessors, (773), 118 states have call successors, (118), 17 states have call predecessors, (118), 21 states have return successors, (139), 117 states have call predecessors, (139), 117 states have call successors, (139) Second operand 702 states. [2022-02-20 18:01:08,032 INFO L87 Difference]: Start difference. First operand has 624 states, 484 states have (on average 1.5971074380165289) internal successors, (773), 491 states have internal predecessors, (773), 118 states have call successors, (118), 17 states have call predecessors, (118), 21 states have return successors, (139), 117 states have call predecessors, (139), 117 states have call successors, (139) Second operand 702 states. [2022-02-20 18:01:08,055 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:08,056 INFO L93 Difference]: Finished difference Result 702 states and 1159 transitions. [2022-02-20 18:01:08,056 INFO L276 IsEmpty]: Start isEmpty. Operand 702 states and 1159 transitions. [2022-02-20 18:01:08,058 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:08,058 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:08,058 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 18:01:08,058 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:08,059 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 624 states, 484 states have (on average 1.5971074380165289) internal successors, (773), 491 states have internal predecessors, (773), 118 states have call successors, (118), 17 states have call predecessors, (118), 21 states have return successors, (139), 117 states have call predecessors, (139), 117 states have call successors, (139) [2022-02-20 18:01:08,080 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 624 states to 624 states and 1030 transitions. [2022-02-20 18:01:08,081 INFO L78 Accepts]: Start accepts. Automaton has 624 states and 1030 transitions. Word has length 125 [2022-02-20 18:01:08,081 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:08,081 INFO L470 AbstractCegarLoop]: Abstraction has 624 states and 1030 transitions. [2022-02-20 18:01:08,081 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 11.4) internal successors, (114), 7 states have internal predecessors, (114), 2 states have call successors, (32), 5 states have call predecessors, (32), 2 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:08,081 INFO L276 IsEmpty]: Start isEmpty. Operand 624 states and 1030 transitions. [2022-02-20 18:01:08,084 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 132 [2022-02-20 18:01:08,084 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:08,084 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:08,108 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:08,301 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:08,302 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:08,302 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:08,302 INFO L85 PathProgramCache]: Analyzing trace with hash -1248123790, now seen corresponding path program 1 times [2022-02-20 18:01:08,302 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:08,302 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [838328360] [2022-02-20 18:01:08,303 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:08,303 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:08,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,344 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:08,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,346 INFO L290 TraceCheckUtils]: 0: Hoare triple {24371#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,346 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,347 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,347 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24306#true} #829#return; {24306#true} is VALID [2022-02-20 18:01:08,351 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:08,352 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,354 INFO L290 TraceCheckUtils]: 0: Hoare triple {24372#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,354 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,354 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,354 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24306#true} #831#return; {24306#true} is VALID [2022-02-20 18:01:08,354 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 18 [2022-02-20 18:01:08,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,357 INFO L290 TraceCheckUtils]: 0: Hoare triple {24371#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,357 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume !(1 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,357 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,357 INFO L290 TraceCheckUtils]: 3: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,358 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24306#true} {24306#true} #833#return; {24306#true} is VALID [2022-02-20 18:01:08,358 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:08,359 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,360 INFO L290 TraceCheckUtils]: 0: Hoare triple {24372#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,360 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume !(1 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,360 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,360 INFO L290 TraceCheckUtils]: 3: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,360 INFO L284 
TraceCheckUtils]: 4: Hoare quadruple {24306#true} {24306#true} #835#return; {24306#true} is VALID [2022-02-20 18:01:08,360 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:08,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {24371#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume !(1 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume !(2 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,363 INFO L290 TraceCheckUtils]: 3: Hoare triple {24306#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,363 INFO L290 TraceCheckUtils]: 4: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,363 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24306#true} {24306#true} #837#return; {24306#true} is VALID [2022-02-20 18:01:08,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:01:08,364 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,365 INFO L290 TraceCheckUtils]: 0: Hoare triple {24372#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,366 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume !(1 == ~handle); 
{24306#true} is VALID [2022-02-20 18:01:08,366 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume !(2 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,366 INFO L290 TraceCheckUtils]: 3: Hoare triple {24306#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,366 INFO L290 TraceCheckUtils]: 4: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,366 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24306#true} {24306#true} #839#return; {24306#true} is VALID [2022-02-20 18:01:08,370 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:01:08,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,373 INFO L290 TraceCheckUtils]: 0: Hoare triple {24373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,373 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,373 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,373 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24307#false} #825#return; {24307#false} is VALID [2022-02-20 18:01:08,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:01:08,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,375 INFO L290 TraceCheckUtils]: 0: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~30; {24306#true} is VALID [2022-02-20 18:01:08,375 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {24306#true} is VALID [2022-02-20 
18:01:08,375 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,375 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24307#false} #787#return; {24307#false} is VALID [2022-02-20 18:01:08,376 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:01:08,376 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {24373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,378 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24307#false} #793#return; {24307#false} is VALID [2022-02-20 18:01:08,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:01:08,378 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~33; {24306#true} is VALID [2022-02-20 18:01:08,380 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {24306#true} is VALID [2022-02-20 18:01:08,380 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,380 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24307#false} #795#return; {24307#false} is VALID [2022-02-20 18:01:08,380 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 104 [2022-02-20 18:01:08,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,382 INFO L290 TraceCheckUtils]: 0: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~30; {24306#true} is VALID [2022-02-20 18:01:08,382 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {24306#true} is VALID [2022-02-20 18:01:08,382 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,382 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24307#false} #797#return; {24307#false} is VALID [2022-02-20 18:01:08,382 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:01:08,383 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,384 INFO L290 TraceCheckUtils]: 0: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~19; {24306#true} is VALID [2022-02-20 18:01:08,384 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {24306#true} is VALID [2022-02-20 18:01:08,384 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,384 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24307#false} #799#return; {24307#false} is VALID [2022-02-20 18:01:08,384 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 18:01:08,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,386 INFO L290 TraceCheckUtils]: 0: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~34; {24306#true} is VALID [2022-02-20 18:01:08,386 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} 
assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {24306#true} is VALID [2022-02-20 18:01:08,386 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,386 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24307#false} #801#return; {24307#false} is VALID [2022-02-20 18:01:08,386 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:01:08,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:08,388 INFO L290 TraceCheckUtils]: 0: Hoare triple {24306#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {24306#true} is VALID [2022-02-20 18:01:08,388 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {24306#true} is VALID [2022-02-20 18:01:08,388 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,389 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24306#true} {24307#false} #803#return; {24307#false} is VALID [2022-02-20 18:01:08,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {24306#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 
13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 
0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 
0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {24306#true} is VALID [2022-02-20 18:01:08,389 INFO L290 TraceCheckUtils]: 1: Hoare triple {24306#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {24306#true} is VALID [2022-02-20 18:01:08,389 INFO L290 TraceCheckUtils]: 2: Hoare triple {24306#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24306#true} is VALID [2022-02-20 18:01:08,389 INFO L290 TraceCheckUtils]: 3: Hoare triple {24306#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {24306#true} is VALID 
[2022-02-20 18:01:08,389 INFO L290 TraceCheckUtils]: 4: Hoare triple {24306#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {24306#true} is VALID [2022-02-20 18:01:08,389 INFO L290 TraceCheckUtils]: 5: Hoare triple {24306#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24306#true} is VALID [2022-02-20 18:01:08,390 INFO L272 TraceCheckUtils]: 6: Hoare triple {24306#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24371#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:08,390 INFO L290 TraceCheckUtils]: 7: Hoare triple {24371#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,390 INFO L290 TraceCheckUtils]: 8: Hoare triple {24306#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,390 INFO L290 TraceCheckUtils]: 9: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,390 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24306#true} {24306#true} #829#return; {24306#true} is VALID [2022-02-20 18:01:08,390 INFO L290 TraceCheckUtils]: 11: Hoare triple {24306#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24306#true} is VALID [2022-02-20 18:01:08,391 INFO L272 TraceCheckUtils]: 12: Hoare triple {24306#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24372#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:08,391 INFO L290 TraceCheckUtils]: 13: Hoare triple {24372#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,391 INFO L290 TraceCheckUtils]: 14: Hoare triple {24306#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,391 INFO L290 TraceCheckUtils]: 15: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,391 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24306#true} {24306#true} #831#return; {24306#true} is VALID [2022-02-20 18:01:08,391 INFO L290 TraceCheckUtils]: 17: Hoare triple {24306#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24306#true} is VALID [2022-02-20 18:01:08,392 INFO L272 TraceCheckUtils]: 18: Hoare triple {24306#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24371#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:08,392 INFO L290 TraceCheckUtils]: 19: Hoare triple {24371#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,392 INFO L290 TraceCheckUtils]: 20: Hoare triple {24306#true} assume !(1 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,392 INFO L290 TraceCheckUtils]: 21: Hoare triple {24306#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,392 INFO L290 TraceCheckUtils]: 22: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,393 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24306#true} {24306#true} #833#return; {24306#true} is VALID [2022-02-20 18:01:08,393 INFO L290 TraceCheckUtils]: 24: Hoare triple {24306#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24306#true} is VALID [2022-02-20 18:01:08,393 INFO L272 TraceCheckUtils]: 25: Hoare triple {24306#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24372#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:08,393 INFO L290 TraceCheckUtils]: 26: Hoare triple {24372#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,393 INFO L290 TraceCheckUtils]: 27: Hoare triple {24306#true} assume !(1 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,394 INFO L290 TraceCheckUtils]: 28: Hoare triple {24306#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,394 INFO L290 TraceCheckUtils]: 29: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,394 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24306#true} {24306#true} #835#return; {24306#true} is VALID [2022-02-20 18:01:08,394 INFO L290 TraceCheckUtils]: 31: Hoare triple {24306#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24306#true} is VALID [2022-02-20 18:01:08,394 INFO L272 TraceCheckUtils]: 32: Hoare triple {24306#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24371#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:08,394 INFO L290 TraceCheckUtils]: 33: Hoare triple {24371#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,395 INFO L290 TraceCheckUtils]: 34: Hoare triple {24306#true} assume !(1 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,395 INFO L290 TraceCheckUtils]: 35: Hoare triple {24306#true} assume !(2 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,395 INFO L290 TraceCheckUtils]: 36: Hoare triple {24306#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,395 INFO L290 TraceCheckUtils]: 37: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,395 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24306#true} {24306#true} #837#return; {24306#true} is VALID [2022-02-20 18:01:08,395 INFO L290 TraceCheckUtils]: 39: Hoare triple {24306#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {24306#true} is VALID [2022-02-20 18:01:08,396 INFO L272 TraceCheckUtils]: 40: Hoare triple {24306#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24372#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:08,396 INFO L290 TraceCheckUtils]: 41: Hoare triple {24372#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,396 INFO L290 TraceCheckUtils]: 42: Hoare triple {24306#true} assume !(1 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,396 INFO L290 TraceCheckUtils]: 43: Hoare triple {24306#true} assume !(2 == ~handle); {24306#true} is VALID [2022-02-20 18:01:08,396 INFO L290 TraceCheckUtils]: 44: Hoare triple {24306#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,396 INFO L290 TraceCheckUtils]: 45: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,396 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24306#true} {24306#true} #839#return; {24306#true} is VALID [2022-02-20 18:01:08,396 INFO L290 TraceCheckUtils]: 47: Hoare triple {24306#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {24306#true} is VALID [2022-02-20 18:01:08,397 INFO L290 TraceCheckUtils]: 48: Hoare triple {24306#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc 
test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:01:08,397 INFO L290 TraceCheckUtils]: 49: Hoare triple {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !false; {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:01:08,397 INFO L290 TraceCheckUtils]: 50: Hoare triple {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:01:08,398 INFO L290 TraceCheckUtils]: 51: Hoare triple {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:01:08,398 INFO L290 TraceCheckUtils]: 52: Hoare triple {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:01:08,398 INFO L290 TraceCheckUtils]: 53: Hoare triple {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:01:08,398 INFO L290 TraceCheckUtils]: 54: Hoare triple {24338#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 == test_~op2~0#1); {24307#false} is VALID [2022-02-20 18:01:08,398 INFO 
L290 TraceCheckUtils]: 55: Hoare triple {24307#false} assume !(0 == test_~op3~0#1); {24307#false} is VALID [2022-02-20 18:01:08,399 INFO L290 TraceCheckUtils]: 56: Hoare triple {24307#false} assume !(0 == test_~op4~0#1); {24307#false} is VALID [2022-02-20 18:01:08,399 INFO L290 TraceCheckUtils]: 57: Hoare triple {24307#false} assume !(0 == test_~op5~0#1); {24307#false} is VALID [2022-02-20 18:01:08,399 INFO L290 TraceCheckUtils]: 58: Hoare triple {24307#false} assume !(0 == test_~op6~0#1); {24307#false} is VALID [2022-02-20 18:01:08,399 INFO L290 TraceCheckUtils]: 59: Hoare triple {24307#false} assume !(0 == test_~op7~0#1); {24307#false} is VALID [2022-02-20 18:01:08,399 INFO L290 TraceCheckUtils]: 60: Hoare triple {24307#false} assume !(0 == test_~op8~0#1); {24307#false} is VALID [2022-02-20 18:01:08,399 INFO L290 TraceCheckUtils]: 61: Hoare triple {24307#false} assume !(0 == test_~op9~0#1); {24307#false} is VALID [2022-02-20 18:01:08,399 INFO L290 TraceCheckUtils]: 62: Hoare triple {24307#false} assume !(0 == test_~op10~0#1); {24307#false} is VALID [2022-02-20 18:01:08,399 INFO L290 TraceCheckUtils]: 63: Hoare triple {24307#false} assume !(0 == test_~op11~0#1); {24307#false} is VALID [2022-02-20 18:01:08,399 INFO L290 TraceCheckUtils]: 64: Hoare triple {24307#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {24307#false} is VALID [2022-02-20 18:01:08,400 INFO L272 TraceCheckUtils]: 65: Hoare triple {24307#false} call sendEmail(~bob~0, ~rjh~0); {24307#false} is VALID [2022-02-20 18:01:08,400 INFO L290 TraceCheckUtils]: 66: Hoare triple {24307#false} ~sender#1 := #in~sender#1;~receiver#1 := 
#in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24307#false} is VALID [2022-02-20 18:01:08,400 INFO L272 TraceCheckUtils]: 67: Hoare triple {24307#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:08,400 INFO L290 TraceCheckUtils]: 68: Hoare triple {24373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,400 INFO L290 TraceCheckUtils]: 69: Hoare triple {24306#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,400 INFO L290 TraceCheckUtils]: 70: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,400 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {24306#true} {24307#false} #825#return; {24307#false} is VALID [2022-02-20 18:01:08,400 INFO L290 TraceCheckUtils]: 72: Hoare triple {24307#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {24307#false} is VALID [2022-02-20 18:01:08,400 INFO L290 TraceCheckUtils]: 73: Hoare triple {24307#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {24307#false} is VALID [2022-02-20 
18:01:08,400 INFO L290 TraceCheckUtils]: 74: Hoare triple {24307#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {24307#false} is VALID [2022-02-20 18:01:08,401 INFO L290 TraceCheckUtils]: 75: Hoare triple {24307#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {24307#false} is VALID [2022-02-20 18:01:08,401 INFO L272 TraceCheckUtils]: 76: Hoare triple {24307#false} call outgoing(~sender#1, ~email~0#1); {24307#false} is VALID [2022-02-20 18:01:08,401 INFO L290 TraceCheckUtils]: 77: Hoare triple {24307#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {24307#false} is VALID [2022-02-20 18:01:08,401 INFO L272 TraceCheckUtils]: 78: Hoare triple {24307#false} call #t~ret67#1 := getEmailTo(~msg#1); {24306#true} is VALID [2022-02-20 18:01:08,401 INFO L290 TraceCheckUtils]: 79: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~30; {24306#true} is VALID [2022-02-20 18:01:08,401 INFO L290 TraceCheckUtils]: 80: Hoare triple {24306#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {24306#true} is VALID [2022-02-20 18:01:08,401 INFO L290 TraceCheckUtils]: 81: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,401 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {24306#true} {24307#false} #787#return; {24307#false} is VALID [2022-02-20 18:01:08,401 INFO L290 TraceCheckUtils]: 83: Hoare triple {24307#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, 
~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {24307#false} is VALID [2022-02-20 18:01:08,402 INFO L290 TraceCheckUtils]: 84: Hoare triple {24307#false} assume 1 == findPublicKey_~handle#1; {24307#false} is VALID [2022-02-20 18:01:08,402 INFO L290 TraceCheckUtils]: 85: Hoare triple {24307#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {24307#false} is VALID [2022-02-20 18:01:08,402 INFO L290 TraceCheckUtils]: 86: Hoare triple {24307#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {24307#false} is VALID [2022-02-20 18:01:08,402 INFO L290 TraceCheckUtils]: 87: Hoare triple {24307#false} assume !(0 != ~pubkey~0#1); {24307#false} is VALID [2022-02-20 18:01:08,402 INFO L290 TraceCheckUtils]: 88: Hoare triple {24307#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := 
getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {24307#false} is VALID [2022-02-20 18:01:08,402 INFO L290 TraceCheckUtils]: 89: Hoare triple {24307#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {24307#false} is VALID [2022-02-20 18:01:08,402 INFO L290 TraceCheckUtils]: 90: Hoare triple {24307#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {24307#false} is VALID [2022-02-20 18:01:08,402 INFO L272 TraceCheckUtils]: 91: Hoare triple {24307#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {24373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:08,402 INFO L290 TraceCheckUtils]: 92: Hoare triple {24373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24306#true} is VALID [2022-02-20 18:01:08,402 INFO L290 TraceCheckUtils]: 93: Hoare triple {24306#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24306#true} is VALID [2022-02-20 18:01:08,403 INFO L290 TraceCheckUtils]: 94: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,403 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {24306#true} {24307#false} #793#return; {24307#false} is VALID [2022-02-20 18:01:08,403 INFO L290 TraceCheckUtils]: 96: Hoare triple {24307#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, 
mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {24307#false} is VALID [2022-02-20 18:01:08,403 INFO L272 TraceCheckUtils]: 97: Hoare triple {24307#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {24306#true} is VALID [2022-02-20 18:01:08,403 INFO L290 TraceCheckUtils]: 98: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~33; {24306#true} is VALID [2022-02-20 18:01:08,403 INFO L290 TraceCheckUtils]: 99: Hoare triple {24306#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {24306#true} is VALID [2022-02-20 18:01:08,403 INFO L290 TraceCheckUtils]: 100: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,403 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {24306#true} {24307#false} #795#return; {24307#false} is VALID [2022-02-20 
18:01:08,403 INFO L290 TraceCheckUtils]: 102: Hoare triple {24307#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {24307#false} is VALID [2022-02-20 18:01:08,404 INFO L290 TraceCheckUtils]: 103: Hoare triple {24307#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {24307#false} is VALID [2022-02-20 18:01:08,404 INFO L272 TraceCheckUtils]: 104: Hoare triple {24307#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {24306#true} is VALID [2022-02-20 18:01:08,404 INFO L290 TraceCheckUtils]: 105: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~30; {24306#true} is VALID [2022-02-20 18:01:08,404 INFO L290 TraceCheckUtils]: 106: Hoare triple {24306#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {24306#true} is VALID [2022-02-20 18:01:08,404 INFO L290 TraceCheckUtils]: 107: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,404 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {24306#true} {24307#false} #797#return; {24307#false} is VALID [2022-02-20 18:01:08,404 INFO L290 TraceCheckUtils]: 109: Hoare triple {24307#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, 
incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= 
__utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {24307#false} is VALID [2022-02-20 18:01:08,404 INFO L290 TraceCheckUtils]: 110: Hoare triple {24307#false} assume 1 == ~sent_encrypted~0; {24307#false} is VALID [2022-02-20 18:01:08,404 INFO L272 TraceCheckUtils]: 111: Hoare triple {24307#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {24306#true} is VALID [2022-02-20 18:01:08,404 INFO L290 TraceCheckUtils]: 112: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~19; {24306#true} is VALID [2022-02-20 18:01:08,405 INFO L290 TraceCheckUtils]: 113: Hoare triple {24306#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {24306#true} is VALID [2022-02-20 18:01:08,405 INFO L290 TraceCheckUtils]: 114: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,405 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {24306#true} {24307#false} #799#return; {24307#false} is VALID [2022-02-20 18:01:08,405 INFO L290 TraceCheckUtils]: 116: Hoare triple {24307#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {24307#false} is VALID [2022-02-20 18:01:08,405 INFO L272 TraceCheckUtils]: 117: Hoare triple {24307#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {24306#true} is VALID [2022-02-20 18:01:08,405 INFO L290 
TraceCheckUtils]: 118: Hoare triple {24306#true} ~handle := #in~handle;havoc ~retValue_acc~34; {24306#true} is VALID [2022-02-20 18:01:08,405 INFO L290 TraceCheckUtils]: 119: Hoare triple {24306#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {24306#true} is VALID [2022-02-20 18:01:08,405 INFO L290 TraceCheckUtils]: 120: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,405 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {24306#true} {24307#false} #801#return; {24307#false} is VALID [2022-02-20 18:01:08,406 INFO L290 TraceCheckUtils]: 122: Hoare triple {24307#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {24307#false} is VALID [2022-02-20 18:01:08,406 INFO L272 TraceCheckUtils]: 123: Hoare triple {24307#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {24306#true} is VALID [2022-02-20 18:01:08,406 INFO L290 TraceCheckUtils]: 124: Hoare triple {24306#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {24306#true} is VALID [2022-02-20 18:01:08,406 INFO L290 TraceCheckUtils]: 125: Hoare triple {24306#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {24306#true} is VALID [2022-02-20 18:01:08,406 INFO L290 TraceCheckUtils]: 126: Hoare triple {24306#true} assume true; {24306#true} is VALID [2022-02-20 18:01:08,406 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {24306#true} {24307#false} #803#return; {24307#false} is VALID [2022-02-20 18:01:08,406 
INFO L290 TraceCheckUtils]: 128: Hoare triple {24307#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {24307#false} is VALID [2022-02-20 18:01:08,406 INFO L290 TraceCheckUtils]: 129: Hoare triple {24307#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {24307#false} is VALID [2022-02-20 18:01:08,406 INFO L290 TraceCheckUtils]: 130: Hoare triple {24307#false} assume !false; {24307#false} is VALID [2022-02-20 18:01:08,407 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:01:08,407 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:08,407 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [838328360] [2022-02-20 18:01:08,407 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [838328360] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:08,407 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:08,407 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:01:08,407 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1403617858] [2022-02-20 18:01:08,408 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:08,408 INFO L78 Accepts]: Start accepts. 
Automaton has has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 131 [2022-02-20 18:01:08,408 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:08,408 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:08,486 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 115 edges. 115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:08,487 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:01:08,487 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:08,487 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:01:08,487 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:01:08,488 INFO L87 Difference]: Start difference. First operand 624 states and 1030 transitions. 
Second operand has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:11,382 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:11,383 INFO L93 Difference]: Finished difference Result 1542 states and 2607 transitions. [2022-02-20 18:01:11,383 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:01:11,383 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 131 [2022-02-20 18:01:11,383 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:11,383 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:11,390 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 985 transitions. [2022-02-20 18:01:11,390 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:11,396 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 985 transitions. [2022-02-20 18:01:11,397 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 985 transitions. [2022-02-20 18:01:12,120 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 985 edges. 985 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:12,170 INFO L225 Difference]: With dead ends: 1542 [2022-02-20 18:01:12,170 INFO L226 Difference]: Without dead ends: 986 [2022-02-20 18:01:12,190 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 38 GetRequests, 30 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:12,191 INFO L933 BasicCegarLoop]: 461 mSDtfsCounter, 683 mSDsluCounter, 495 mSDsCounter, 0 mSdLazyCounter, 612 mSolverCounterSat, 256 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 698 SdHoareTripleChecker+Valid, 956 SdHoareTripleChecker+Invalid, 868 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 256 IncrementalHoareTripleChecker+Valid, 612 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:12,191 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [698 Valid, 956 
Invalid, 868 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [256 Valid, 612 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-02-20 18:01:12,193 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 986 states. [2022-02-20 18:01:12,835 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 986 to 924. [2022-02-20 18:01:12,835 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:12,837 INFO L82 GeneralOperation]: Start isEquivalent. First operand 986 states. Second operand has 924 states, 720 states have (on average 1.6083333333333334) internal successors, (1158), 727 states have internal predecessors, (1158), 182 states have call successors, (182), 17 states have call predecessors, (182), 21 states have return successors, (213), 181 states have call predecessors, (213), 181 states have call successors, (213) [2022-02-20 18:01:12,838 INFO L74 IsIncluded]: Start isIncluded. First operand 986 states. Second operand has 924 states, 720 states have (on average 1.6083333333333334) internal successors, (1158), 727 states have internal predecessors, (1158), 182 states have call successors, (182), 17 states have call predecessors, (182), 21 states have return successors, (213), 181 states have call predecessors, (213), 181 states have call successors, (213) [2022-02-20 18:01:12,839 INFO L87 Difference]: Start difference. First operand 986 states. Second operand has 924 states, 720 states have (on average 1.6083333333333334) internal successors, (1158), 727 states have internal predecessors, (1158), 182 states have call successors, (182), 17 states have call predecessors, (182), 21 states have return successors, (213), 181 states have call predecessors, (213), 181 states have call successors, (213) [2022-02-20 18:01:12,936 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:01:12,947 INFO L93 Difference]: Finished difference Result 986 states and 1677 transitions. [2022-02-20 18:01:12,947 INFO L276 IsEmpty]: Start isEmpty. Operand 986 states and 1677 transitions. [2022-02-20 18:01:12,951 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:12,951 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:12,954 INFO L74 IsIncluded]: Start isIncluded. First operand has 924 states, 720 states have (on average 1.6083333333333334) internal successors, (1158), 727 states have internal predecessors, (1158), 182 states have call successors, (182), 17 states have call predecessors, (182), 21 states have return successors, (213), 181 states have call predecessors, (213), 181 states have call successors, (213) Second operand 986 states. [2022-02-20 18:01:12,956 INFO L87 Difference]: Start difference. First operand has 924 states, 720 states have (on average 1.6083333333333334) internal successors, (1158), 727 states have internal predecessors, (1158), 182 states have call successors, (182), 17 states have call predecessors, (182), 21 states have return successors, (213), 181 states have call predecessors, (213), 181 states have call successors, (213) Second operand 986 states. [2022-02-20 18:01:13,034 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:13,047 INFO L93 Difference]: Finished difference Result 986 states and 1677 transitions. [2022-02-20 18:01:13,047 INFO L276 IsEmpty]: Start isEmpty. Operand 986 states and 1677 transitions. [2022-02-20 18:01:13,051 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:13,051 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:13,051 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 18:01:13,051 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:13,052 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 924 states, 720 states have (on average 1.6083333333333334) internal successors, (1158), 727 states have internal predecessors, (1158), 182 states have call successors, (182), 17 states have call predecessors, (182), 21 states have return successors, (213), 181 states have call predecessors, (213), 181 states have call successors, (213) [2022-02-20 18:01:13,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 924 states to 924 states and 1553 transitions. [2022-02-20 18:01:13,167 INFO L78 Accepts]: Start accepts. Automaton has 924 states and 1553 transitions. Word has length 131 [2022-02-20 18:01:13,167 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:13,167 INFO L470 AbstractCegarLoop]: Abstraction has 924 states and 1553 transitions. [2022-02-20 18:01:13,170 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:13,171 INFO L276 IsEmpty]: Start isEmpty. Operand 924 states and 1553 transitions. [2022-02-20 18:01:13,174 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 133 [2022-02-20 18:01:13,174 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:13,175 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:13,175 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-20 18:01:13,175 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:13,175 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:13,175 INFO L85 PathProgramCache]: Analyzing trace with hash -591151818, now seen corresponding path program 1 times [2022-02-20 18:01:13,176 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:13,176 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1470392085] [2022-02-20 18:01:13,176 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:13,176 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:13,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,259 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:13,260 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,262 INFO L290 TraceCheckUtils]: 0: Hoare triple {30061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,262 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29996#true} {29996#true} #829#return; {29996#true} is VALID [2022-02-20 18:01:13,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:13,273 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,278 INFO L290 TraceCheckUtils]: 0: Hoare triple {30062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,278 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,278 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,278 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29996#true} {29996#true} #831#return; {29996#true} is VALID [2022-02-20 18:01:13,278 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:13,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,297 INFO L290 TraceCheckUtils]: 0: Hoare triple {30061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,297 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume !(1 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,297 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,297 INFO L290 TraceCheckUtils]: 3: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,297 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {29996#true} {29996#true} #833#return; {29996#true} is VALID [2022-02-20 18:01:13,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:13,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,300 INFO L290 TraceCheckUtils]: 0: Hoare triple {30062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume !(1 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,300 INFO L290 TraceCheckUtils]: 3: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,301 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {29996#true} {29996#true} #835#return; {29996#true} is VALID [2022-02-20 18:01:13,301 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:13,301 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:01:13,303 INFO L290 TraceCheckUtils]: 0: Hoare triple {30061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,303 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume !(1 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,303 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume !(2 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,303 INFO L290 TraceCheckUtils]: 3: Hoare triple {29996#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,303 INFO L290 TraceCheckUtils]: 4: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,303 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29996#true} {29996#true} #837#return; {29996#true} is VALID [2022-02-20 18:01:13,304 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:01:13,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {30062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume !(1 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,306 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume !(2 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,306 INFO L290 TraceCheckUtils]: 3: Hoare triple {29996#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {29996#true} 
is VALID [2022-02-20 18:01:13,306 INFO L290 TraceCheckUtils]: 4: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,306 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29996#true} {29996#true} #839#return; {29996#true} is VALID [2022-02-20 18:01:13,311 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:01:13,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {30063#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,313 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,313 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29996#true} {29997#false} #825#return; {29997#false} is VALID [2022-02-20 18:01:13,313 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:01:13,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~30; {29996#true} is VALID [2022-02-20 18:01:13,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {29996#true} is VALID [2022-02-20 18:01:13,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,315 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29996#true} {29997#false} #787#return; {29997#false} is VALID [2022-02-20 18:01:13,315 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:01:13,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,317 INFO L290 TraceCheckUtils]: 0: Hoare triple {30063#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,317 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,317 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,317 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29996#true} {29997#false} #793#return; {29997#false} is VALID [2022-02-20 18:01:13,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:01:13,317 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~33; {29996#true} is VALID [2022-02-20 18:01:13,329 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {29996#true} is VALID [2022-02-20 18:01:13,329 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,329 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29996#true} {29997#false} #795#return; {29997#false} is VALID [2022-02-20 18:01:13,329 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:01:13,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,331 INFO L290 TraceCheckUtils]: 0: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~30; {29996#true} is VALID 
[2022-02-20 18:01:13,331 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {29996#true} is VALID [2022-02-20 18:01:13,331 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,331 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29996#true} {29997#false} #797#return; {29997#false} is VALID [2022-02-20 18:01:13,332 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:01:13,332 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,333 INFO L290 TraceCheckUtils]: 0: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~19; {29996#true} is VALID [2022-02-20 18:01:13,333 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {29996#true} is VALID [2022-02-20 18:01:13,333 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,333 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29996#true} {29997#false} #799#return; {29997#false} is VALID [2022-02-20 18:01:13,334 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:01:13,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,335 INFO L290 TraceCheckUtils]: 0: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~34; {29996#true} is VALID [2022-02-20 18:01:13,335 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {29996#true} is VALID [2022-02-20 18:01:13,335 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,335 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {29996#true} {29997#false} #801#return; {29997#false} is VALID [2022-02-20 18:01:13,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:01:13,336 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:13,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {29996#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {29996#true} is VALID [2022-02-20 18:01:13,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {29996#true} is VALID [2022-02-20 18:01:13,338 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,338 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29996#true} {29997#false} #803#return; {29997#false} is VALID [2022-02-20 18:01:13,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {29996#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 
22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {29996#true} is VALID [2022-02-20 18:01:13,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {29996#true} is VALID [2022-02-20 18:01:13,338 INFO L290 TraceCheckUtils]: 2: Hoare triple {29996#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {29996#true} is VALID [2022-02-20 18:01:13,338 INFO L290 TraceCheckUtils]: 3: Hoare triple {29996#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {29996#true} is VALID [2022-02-20 18:01:13,338 INFO L290 TraceCheckUtils]: 4: Hoare triple {29996#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {29996#true} is VALID 
[2022-02-20 18:01:13,338 INFO L290 TraceCheckUtils]: 5: Hoare triple {29996#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {29996#true} is VALID [2022-02-20 18:01:13,339 INFO L272 TraceCheckUtils]: 6: Hoare triple {29996#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:13,339 INFO L290 TraceCheckUtils]: 7: Hoare triple {30061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,339 INFO L290 TraceCheckUtils]: 8: Hoare triple {29996#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,339 INFO L290 TraceCheckUtils]: 9: Hoare triple {29996#true} assume true; 
{29996#true} is VALID [2022-02-20 18:01:13,339 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {29996#true} {29996#true} #829#return; {29996#true} is VALID [2022-02-20 18:01:13,340 INFO L290 TraceCheckUtils]: 11: Hoare triple {29996#true} assume { :end_inline_setup_bob__wrappee__Base } true; {29996#true} is VALID [2022-02-20 18:01:13,352 INFO L272 TraceCheckUtils]: 12: Hoare triple {29996#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:13,352 INFO L290 TraceCheckUtils]: 13: Hoare triple {30062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,352 INFO L290 TraceCheckUtils]: 14: Hoare triple {29996#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,352 INFO L290 TraceCheckUtils]: 15: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,352 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29996#true} {29996#true} #831#return; {29996#true} is VALID [2022-02-20 18:01:13,353 INFO L290 TraceCheckUtils]: 17: Hoare triple {29996#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {29996#true} is VALID [2022-02-20 18:01:13,353 INFO L272 TraceCheckUtils]: 18: Hoare triple {29996#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:13,353 INFO L290 TraceCheckUtils]: 19: Hoare triple {30061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,354 INFO L290 TraceCheckUtils]: 20: Hoare triple {29996#true} assume !(1 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,354 INFO L290 TraceCheckUtils]: 21: Hoare triple {29996#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,354 INFO L290 TraceCheckUtils]: 22: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,354 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {29996#true} {29996#true} #833#return; {29996#true} is VALID [2022-02-20 18:01:13,354 INFO L290 TraceCheckUtils]: 24: Hoare triple {29996#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {29996#true} is VALID [2022-02-20 18:01:13,354 INFO L272 TraceCheckUtils]: 25: Hoare triple {29996#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:13,355 INFO L290 TraceCheckUtils]: 26: Hoare 
triple {30062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,355 INFO L290 TraceCheckUtils]: 27: Hoare triple {29996#true} assume !(1 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,355 INFO L290 TraceCheckUtils]: 28: Hoare triple {29996#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,355 INFO L290 TraceCheckUtils]: 29: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,355 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {29996#true} {29996#true} #835#return; {29996#true} is VALID [2022-02-20 18:01:13,355 INFO L290 TraceCheckUtils]: 31: Hoare triple {29996#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {29996#true} is VALID [2022-02-20 18:01:13,356 INFO L272 TraceCheckUtils]: 32: Hoare triple {29996#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {30061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:13,356 INFO L290 TraceCheckUtils]: 33: Hoare triple {30061#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,356 INFO L290 TraceCheckUtils]: 34: Hoare triple {29996#true} assume !(1 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,356 INFO L290 TraceCheckUtils]: 35: Hoare triple {29996#true} assume !(2 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,356 INFO L290 TraceCheckUtils]: 36: Hoare triple {29996#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,356 INFO L290 TraceCheckUtils]: 37: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,356 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {29996#true} {29996#true} #837#return; {29996#true} is VALID [2022-02-20 18:01:13,356 INFO L290 TraceCheckUtils]: 39: Hoare triple {29996#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {29996#true} is VALID [2022-02-20 18:01:13,357 INFO L272 TraceCheckUtils]: 40: Hoare triple {29996#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:13,357 INFO L290 TraceCheckUtils]: 41: Hoare triple {30062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,357 INFO L290 TraceCheckUtils]: 42: Hoare triple {29996#true} assume !(1 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,357 INFO L290 TraceCheckUtils]: 43: Hoare 
triple {29996#true} assume !(2 == ~handle); {29996#true} is VALID [2022-02-20 18:01:13,357 INFO L290 TraceCheckUtils]: 44: Hoare triple {29996#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,357 INFO L290 TraceCheckUtils]: 45: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,358 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {29996#true} {29996#true} #839#return; {29996#true} is VALID [2022-02-20 18:01:13,358 INFO L290 TraceCheckUtils]: 47: Hoare triple {29996#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {29996#true} is VALID [2022-02-20 18:01:13,358 INFO L290 TraceCheckUtils]: 48: Hoare triple {29996#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc 
test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:01:13,358 INFO L290 TraceCheckUtils]: 49: Hoare triple {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !false; {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:01:13,358 INFO L290 TraceCheckUtils]: 50: Hoare triple {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:01:13,359 INFO L290 TraceCheckUtils]: 51: Hoare triple {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:01:13,359 INFO L290 TraceCheckUtils]: 52: Hoare triple {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:01:13,359 INFO L290 TraceCheckUtils]: 53: Hoare triple {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:01:13,360 INFO L290 TraceCheckUtils]: 54: Hoare triple {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:01:13,360 INFO L290 TraceCheckUtils]: 55: Hoare triple {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {30028#(= 
|ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:01:13,360 INFO L290 TraceCheckUtils]: 56: Hoare triple {30028#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 == test_~op3~0#1); {29997#false} is VALID [2022-02-20 18:01:13,360 INFO L290 TraceCheckUtils]: 57: Hoare triple {29997#false} assume !(0 == test_~op4~0#1); {29997#false} is VALID [2022-02-20 18:01:13,360 INFO L290 TraceCheckUtils]: 58: Hoare triple {29997#false} assume !(0 == test_~op5~0#1); {29997#false} is VALID [2022-02-20 18:01:13,360 INFO L290 TraceCheckUtils]: 59: Hoare triple {29997#false} assume !(0 == test_~op6~0#1); {29997#false} is VALID [2022-02-20 18:01:13,360 INFO L290 TraceCheckUtils]: 60: Hoare triple {29997#false} assume !(0 == test_~op7~0#1); {29997#false} is VALID [2022-02-20 18:01:13,361 INFO L290 TraceCheckUtils]: 61: Hoare triple {29997#false} assume !(0 == test_~op8~0#1); {29997#false} is VALID [2022-02-20 18:01:13,361 INFO L290 TraceCheckUtils]: 62: Hoare triple {29997#false} assume !(0 == test_~op9~0#1); {29997#false} is VALID [2022-02-20 18:01:13,361 INFO L290 TraceCheckUtils]: 63: Hoare triple {29997#false} assume !(0 == test_~op10~0#1); {29997#false} is VALID [2022-02-20 18:01:13,361 INFO L290 TraceCheckUtils]: 64: Hoare triple {29997#false} assume !(0 == test_~op11~0#1); {29997#false} is VALID [2022-02-20 18:01:13,361 INFO L290 TraceCheckUtils]: 65: Hoare triple {29997#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {29997#false} is VALID [2022-02-20 18:01:13,361 INFO L272 TraceCheckUtils]: 66: Hoare triple {29997#false} call sendEmail(~bob~0, ~rjh~0); {29997#false} is VALID [2022-02-20 18:01:13,361 
INFO L290 TraceCheckUtils]: 67: Hoare triple {29997#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29997#false} is VALID [2022-02-20 18:01:13,361 INFO L272 TraceCheckUtils]: 68: Hoare triple {29997#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30063#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:13,361 INFO L290 TraceCheckUtils]: 69: Hoare triple {30063#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,362 INFO L290 TraceCheckUtils]: 70: Hoare triple {29996#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,362 INFO L290 TraceCheckUtils]: 71: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,362 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {29996#true} {29997#false} #825#return; {29997#false} is VALID [2022-02-20 18:01:13,362 INFO L290 TraceCheckUtils]: 73: Hoare triple {29997#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {29997#false} is VALID [2022-02-20 18:01:13,362 INFO L290 TraceCheckUtils]: 74: Hoare triple {29997#false} assume 1 == 
setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {29997#false} is VALID [2022-02-20 18:01:13,362 INFO L290 TraceCheckUtils]: 75: Hoare triple {29997#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {29997#false} is VALID [2022-02-20 18:01:13,362 INFO L290 TraceCheckUtils]: 76: Hoare triple {29997#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {29997#false} is VALID [2022-02-20 18:01:13,362 INFO L272 TraceCheckUtils]: 77: Hoare triple {29997#false} call outgoing(~sender#1, ~email~0#1); {29997#false} is VALID [2022-02-20 18:01:13,362 INFO L290 TraceCheckUtils]: 78: Hoare triple {29997#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {29997#false} is VALID [2022-02-20 18:01:13,362 INFO L272 TraceCheckUtils]: 79: Hoare triple {29997#false} call #t~ret67#1 := getEmailTo(~msg#1); {29996#true} is VALID [2022-02-20 18:01:13,363 INFO L290 TraceCheckUtils]: 80: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~30; {29996#true} is VALID [2022-02-20 18:01:13,363 INFO L290 TraceCheckUtils]: 81: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {29996#true} is VALID [2022-02-20 18:01:13,363 INFO L290 TraceCheckUtils]: 82: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,363 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {29996#true} {29997#false} #787#return; {29997#false} is VALID [2022-02-20 18:01:13,363 INFO L290 TraceCheckUtils]: 84: Hoare triple {29997#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { 
:begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {29997#false} is VALID [2022-02-20 18:01:13,363 INFO L290 TraceCheckUtils]: 85: Hoare triple {29997#false} assume 1 == findPublicKey_~handle#1; {29997#false} is VALID [2022-02-20 18:01:13,363 INFO L290 TraceCheckUtils]: 86: Hoare triple {29997#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {29997#false} is VALID [2022-02-20 18:01:13,363 INFO L290 TraceCheckUtils]: 87: Hoare triple {29997#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {29997#false} is VALID [2022-02-20 18:01:13,363 INFO L290 TraceCheckUtils]: 88: Hoare triple {29997#false} assume !(0 != ~pubkey~0#1); {29997#false} is VALID [2022-02-20 18:01:13,363 INFO L290 TraceCheckUtils]: 89: Hoare triple {29997#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc 
getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {29997#false} is VALID [2022-02-20 18:01:13,364 INFO L290 TraceCheckUtils]: 90: Hoare triple {29997#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {29997#false} is VALID [2022-02-20 18:01:13,364 INFO L290 TraceCheckUtils]: 91: Hoare triple {29997#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {29997#false} is VALID [2022-02-20 18:01:13,364 INFO L272 TraceCheckUtils]: 92: Hoare triple {29997#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {30063#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:13,364 INFO L290 TraceCheckUtils]: 93: Hoare triple {30063#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29996#true} is VALID [2022-02-20 18:01:13,364 INFO L290 TraceCheckUtils]: 94: Hoare triple {29996#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29996#true} is VALID [2022-02-20 18:01:13,364 INFO L290 TraceCheckUtils]: 95: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,364 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {29996#true} {29997#false} #793#return; {29997#false} is VALID [2022-02-20 18:01:13,364 INFO L290 TraceCheckUtils]: 97: Hoare triple {29997#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {29997#false} is VALID [2022-02-20 18:01:13,364 INFO L272 TraceCheckUtils]: 98: Hoare triple {29997#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {29996#true} is VALID [2022-02-20 18:01:13,365 INFO L290 TraceCheckUtils]: 99: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~33; {29996#true} is VALID [2022-02-20 18:01:13,365 INFO L290 TraceCheckUtils]: 100: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {29996#true} is VALID [2022-02-20 18:01:13,365 INFO L290 TraceCheckUtils]: 101: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,365 INFO L284 
TraceCheckUtils]: 102: Hoare quadruple {29996#true} {29997#false} #795#return; {29997#false} is VALID [2022-02-20 18:01:13,365 INFO L290 TraceCheckUtils]: 103: Hoare triple {29997#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {29997#false} is VALID [2022-02-20 18:01:13,365 INFO L290 TraceCheckUtils]: 104: Hoare triple {29997#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {29997#false} is VALID [2022-02-20 18:01:13,365 INFO L272 TraceCheckUtils]: 105: Hoare triple {29997#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {29996#true} is VALID [2022-02-20 18:01:13,365 INFO L290 TraceCheckUtils]: 106: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~30; {29996#true} is VALID [2022-02-20 18:01:13,365 INFO L290 TraceCheckUtils]: 107: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {29996#true} is VALID [2022-02-20 18:01:13,365 INFO L290 TraceCheckUtils]: 108: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,366 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {29996#true} {29997#false} #797#return; {29997#false} is VALID [2022-02-20 18:01:13,366 INFO L290 TraceCheckUtils]: 110: Hoare triple {29997#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := 
mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {29997#false} is VALID [2022-02-20 18:01:13,366 INFO L290 TraceCheckUtils]: 111: Hoare triple {29997#false} assume 1 == ~sent_encrypted~0; {29997#false} is VALID [2022-02-20 18:01:13,366 INFO L272 TraceCheckUtils]: 112: Hoare triple {29997#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {29996#true} is VALID [2022-02-20 18:01:13,366 INFO L290 TraceCheckUtils]: 113: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~19; {29996#true} is VALID [2022-02-20 18:01:13,366 INFO L290 TraceCheckUtils]: 114: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {29996#true} is VALID [2022-02-20 18:01:13,366 INFO L290 TraceCheckUtils]: 115: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,366 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {29996#true} {29997#false} #799#return; {29997#false} is VALID [2022-02-20 18:01:13,366 INFO L290 TraceCheckUtils]: 117: Hoare triple {29997#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {29997#false} is VALID [2022-02-20 18:01:13,366 INFO L272 TraceCheckUtils]: 118: Hoare triple {29997#false} call 
__utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {29996#true} is VALID [2022-02-20 18:01:13,367 INFO L290 TraceCheckUtils]: 119: Hoare triple {29996#true} ~handle := #in~handle;havoc ~retValue_acc~34; {29996#true} is VALID [2022-02-20 18:01:13,367 INFO L290 TraceCheckUtils]: 120: Hoare triple {29996#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {29996#true} is VALID [2022-02-20 18:01:13,367 INFO L290 TraceCheckUtils]: 121: Hoare triple {29996#true} assume true; {29996#true} is VALID [2022-02-20 18:01:13,367 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {29996#true} {29997#false} #801#return; {29997#false} is VALID [2022-02-20 18:01:13,367 INFO L290 TraceCheckUtils]: 123: Hoare triple {29997#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {29997#false} is VALID [2022-02-20 18:01:13,367 INFO L272 TraceCheckUtils]: 124: Hoare triple {29997#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {29996#true} is VALID [2022-02-20 18:01:13,367 INFO L290 TraceCheckUtils]: 125: Hoare triple {29996#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {29996#true} is VALID [2022-02-20 18:01:13,367 INFO L290 TraceCheckUtils]: 126: Hoare triple {29996#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {29996#true} is VALID [2022-02-20 18:01:13,367 INFO L290 TraceCheckUtils]: 127: Hoare triple {29996#true} assume true; {29996#true} 
is VALID [2022-02-20 18:01:13,368 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {29996#true} {29997#false} #803#return; {29997#false} is VALID [2022-02-20 18:01:13,368 INFO L290 TraceCheckUtils]: 129: Hoare triple {29997#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {29997#false} is VALID [2022-02-20 18:01:13,368 INFO L290 TraceCheckUtils]: 130: Hoare triple {29997#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {29997#false} is VALID [2022-02-20 18:01:13,368 INFO L290 TraceCheckUtils]: 131: Hoare triple {29997#false} assume !false; {29997#false} is VALID [2022-02-20 18:01:13,368 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:01:13,368 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:13,368 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1470392085] [2022-02-20 18:01:13,369 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1470392085] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:13,369 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:01:13,369 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:01:13,369 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [210582989] [2022-02-20 18:01:13,369 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:13,369 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 132 [2022-02-20 18:01:13,370 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:13,370 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:13,478 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 116 edges. 116 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:13,478 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:01:13,478 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:13,480 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. 
[2022-02-20 18:01:13,480 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:01:13,480 INFO L87 Difference]: Start difference. First operand 924 states and 1553 transitions. Second operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:17,095 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:17,111 INFO L93 Difference]: Finished difference Result 2257 states and 3852 transitions. [2022-02-20 18:01:17,111 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:01:17,111 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 132 [2022-02-20 18:01:17,112 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:17,112 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:17,119 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 981 transitions. 
[2022-02-20 18:01:17,119 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:17,140 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 981 transitions. [2022-02-20 18:01:17,140 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 981 transitions. [2022-02-20 18:01:17,887 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 981 edges. 981 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:18,025 INFO L225 Difference]: With dead ends: 2257 [2022-02-20 18:01:18,026 INFO L226 Difference]: Without dead ends: 1454 [2022-02-20 18:01:18,041 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 38 GetRequests, 30 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:18,046 INFO L933 BasicCegarLoop]: 451 mSDtfsCounter, 681 mSDsluCounter, 478 mSDsCounter, 0 mSdLazyCounter, 596 mSolverCounterSat, 256 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 696 SdHoareTripleChecker+Valid, 929 SdHoareTripleChecker+Invalid, 852 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 256 IncrementalHoareTripleChecker+Valid, 596 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-02-20 
18:01:18,046 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [696 Valid, 929 Invalid, 852 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [256 Valid, 596 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-02-20 18:01:18,048 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1454 states. [2022-02-20 18:01:19,079 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1454 to 1392. [2022-02-20 18:01:19,079 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:19,112 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1454 states. Second operand has 1392 states, 1093 states have (on average 1.614821591948765) internal successors, (1765), 1100 states have internal predecessors, (1765), 277 states have call successors, (277), 17 states have call predecessors, (277), 21 states have return successors, (308), 276 states have call predecessors, (308), 276 states have call successors, (308) [2022-02-20 18:01:19,114 INFO L74 IsIncluded]: Start isIncluded. First operand 1454 states. Second operand has 1392 states, 1093 states have (on average 1.614821591948765) internal successors, (1765), 1100 states have internal predecessors, (1765), 277 states have call successors, (277), 17 states have call predecessors, (277), 21 states have return successors, (308), 276 states have call predecessors, (308), 276 states have call successors, (308) [2022-02-20 18:01:19,115 INFO L87 Difference]: Start difference. First operand 1454 states. Second operand has 1392 states, 1093 states have (on average 1.614821591948765) internal successors, (1765), 1100 states have internal predecessors, (1765), 277 states have call successors, (277), 17 states have call predecessors, (277), 21 states have return successors, (308), 276 states have call predecessors, (308), 276 states have call successors, (308) [2022-02-20 18:01:19,210 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:01:19,210 INFO L93 Difference]: Finished difference Result 1454 states and 2490 transitions. [2022-02-20 18:01:19,210 INFO L276 IsEmpty]: Start isEmpty. Operand 1454 states and 2490 transitions. [2022-02-20 18:01:19,230 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:19,243 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:19,245 INFO L74 IsIncluded]: Start isIncluded. First operand has 1392 states, 1093 states have (on average 1.614821591948765) internal successors, (1765), 1100 states have internal predecessors, (1765), 277 states have call successors, (277), 17 states have call predecessors, (277), 21 states have return successors, (308), 276 states have call predecessors, (308), 276 states have call successors, (308) Second operand 1454 states. [2022-02-20 18:01:19,247 INFO L87 Difference]: Start difference. First operand has 1392 states, 1093 states have (on average 1.614821591948765) internal successors, (1765), 1100 states have internal predecessors, (1765), 277 states have call successors, (277), 17 states have call predecessors, (277), 21 states have return successors, (308), 276 states have call predecessors, (308), 276 states have call successors, (308) Second operand 1454 states. [2022-02-20 18:01:19,399 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:19,400 INFO L93 Difference]: Finished difference Result 1454 states and 2490 transitions. [2022-02-20 18:01:19,400 INFO L276 IsEmpty]: Start isEmpty. Operand 1454 states and 2490 transitions. [2022-02-20 18:01:19,404 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:19,417 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:19,418 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 18:01:19,418 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:19,420 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1392 states, 1093 states have (on average 1.614821591948765) internal successors, (1765), 1100 states have internal predecessors, (1765), 277 states have call successors, (277), 17 states have call predecessors, (277), 21 states have return successors, (308), 276 states have call predecessors, (308), 276 states have call successors, (308) [2022-02-20 18:01:19,596 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1392 states to 1392 states and 2350 transitions. [2022-02-20 18:01:19,596 INFO L78 Accepts]: Start accepts. Automaton has 1392 states and 2350 transitions. Word has length 132 [2022-02-20 18:01:19,597 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:19,597 INFO L470 AbstractCegarLoop]: Abstraction has 1392 states and 2350 transitions. [2022-02-20 18:01:19,597 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:19,597 INFO L276 IsEmpty]: Start isEmpty. Operand 1392 states and 2350 transitions. [2022-02-20 18:01:19,618 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 134 [2022-02-20 18:01:19,618 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:19,619 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:19,619 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2022-02-20 18:01:19,619 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:19,619 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:19,620 INFO L85 PathProgramCache]: Analyzing trace with hash -1575438508, now seen corresponding path program 1 times [2022-02-20 18:01:19,620 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:19,620 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [781430254] [2022-02-20 18:01:19,627 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:19,627 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:19,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,703 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:19,705 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,706 INFO L290 TraceCheckUtils]: 0: Hoare triple {38471#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,706 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,707 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,707 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38406#true} {38406#true} #829#return; {38406#true} is VALID [2022-02-20 18:01:19,711 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:19,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {38472#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,714 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,715 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38406#true} {38406#true} #831#return; {38406#true} is VALID [2022-02-20 18:01:19,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:19,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,722 INFO L290 TraceCheckUtils]: 0: Hoare triple {38471#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,730 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume !(1 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,730 INFO L290 TraceCheckUtils]: 3: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,730 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {38406#true} {38406#true} #833#return; {38406#true} is VALID [2022-02-20 18:01:19,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:19,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,735 INFO L290 TraceCheckUtils]: 0: Hoare triple {38472#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume !(1 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,736 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,736 INFO L290 TraceCheckUtils]: 3: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,736 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {38406#true} {38406#true} #835#return; {38406#true} is VALID [2022-02-20 18:01:19,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:19,737 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:01:19,741 INFO L290 TraceCheckUtils]: 0: Hoare triple {38471#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume !(1 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,742 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume !(2 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,742 INFO L290 TraceCheckUtils]: 3: Hoare triple {38406#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,742 INFO L290 TraceCheckUtils]: 4: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,742 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {38406#true} {38406#true} #837#return; {38406#true} is VALID [2022-02-20 18:01:19,742 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:01:19,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,761 INFO L290 TraceCheckUtils]: 0: Hoare triple {38472#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,761 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume !(1 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,761 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume !(2 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,761 INFO L290 TraceCheckUtils]: 3: Hoare triple {38406#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {38406#true} 
is VALID [2022-02-20 18:01:19,761 INFO L290 TraceCheckUtils]: 4: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,761 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {38406#true} {38406#true} #839#return; {38406#true} is VALID [2022-02-20 18:01:19,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:01:19,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,768 INFO L290 TraceCheckUtils]: 0: Hoare triple {38473#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,768 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,768 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,768 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38406#true} {38407#false} #825#return; {38407#false} is VALID [2022-02-20 18:01:19,768 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:01:19,769 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,771 INFO L290 TraceCheckUtils]: 0: Hoare triple {38406#true} ~handle := #in~handle;havoc ~retValue_acc~30; {38406#true} is VALID [2022-02-20 18:01:19,771 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {38406#true} is VALID [2022-02-20 18:01:19,771 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,771 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38406#true} {38407#false} #787#return; {38407#false} is VALID [2022-02-20 18:01:19,771 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:01:19,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,773 INFO L290 TraceCheckUtils]: 0: Hoare triple {38473#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,773 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,773 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,774 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38406#true} {38407#false} #793#return; {38407#false} is VALID [2022-02-20 18:01:19,774 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:01:19,774 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,776 INFO L290 TraceCheckUtils]: 0: Hoare triple {38406#true} ~handle := #in~handle;havoc ~retValue_acc~33; {38406#true} is VALID [2022-02-20 18:01:19,776 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {38406#true} is VALID [2022-02-20 18:01:19,776 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,776 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38406#true} {38407#false} #795#return; {38407#false} is VALID [2022-02-20 18:01:19,776 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:01:19,777 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,778 INFO L290 TraceCheckUtils]: 0: Hoare triple {38406#true} ~handle := #in~handle;havoc ~retValue_acc~30; {38406#true} is VALID 
[2022-02-20 18:01:19,778 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {38406#true} is VALID [2022-02-20 18:01:19,778 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,778 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38406#true} {38407#false} #797#return; {38407#false} is VALID [2022-02-20 18:01:19,778 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:01:19,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,780 INFO L290 TraceCheckUtils]: 0: Hoare triple {38406#true} ~handle := #in~handle;havoc ~retValue_acc~19; {38406#true} is VALID [2022-02-20 18:01:19,780 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {38406#true} is VALID [2022-02-20 18:01:19,780 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,781 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38406#true} {38407#false} #799#return; {38407#false} is VALID [2022-02-20 18:01:19,781 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:01:19,781 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,782 INFO L290 TraceCheckUtils]: 0: Hoare triple {38406#true} ~handle := #in~handle;havoc ~retValue_acc~34; {38406#true} is VALID [2022-02-20 18:01:19,782 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {38406#true} is VALID [2022-02-20 18:01:19,783 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,783 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {38406#true} {38407#false} #801#return; {38407#false} is VALID [2022-02-20 18:01:19,783 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:01:19,783 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:19,796 INFO L290 TraceCheckUtils]: 0: Hoare triple {38406#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {38406#true} is VALID [2022-02-20 18:01:19,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {38406#true} is VALID [2022-02-20 18:01:19,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,797 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38406#true} {38407#false} #803#return; {38407#false} is VALID [2022-02-20 18:01:19,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {38406#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 
22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {38406#true} is VALID [2022-02-20 18:01:19,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {38406#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {38406#true} is VALID [2022-02-20 18:01:19,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {38406#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {38406#true} is VALID [2022-02-20 18:01:19,797 INFO L290 TraceCheckUtils]: 3: Hoare triple {38406#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {38406#true} is VALID [2022-02-20 18:01:19,797 INFO L290 TraceCheckUtils]: 4: Hoare triple {38406#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {38406#true} is VALID 
[2022-02-20 18:01:19,797 INFO L290 TraceCheckUtils]: 5: Hoare triple {38406#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {38406#true} is VALID [2022-02-20 18:01:19,798 INFO L272 TraceCheckUtils]: 6: Hoare triple {38406#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {38471#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:19,798 INFO L290 TraceCheckUtils]: 7: Hoare triple {38471#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,798 INFO L290 TraceCheckUtils]: 8: Hoare triple {38406#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,798 INFO L290 TraceCheckUtils]: 9: Hoare triple {38406#true} assume true; 
{38406#true} is VALID [2022-02-20 18:01:19,798 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {38406#true} {38406#true} #829#return; {38406#true} is VALID [2022-02-20 18:01:19,799 INFO L290 TraceCheckUtils]: 11: Hoare triple {38406#true} assume { :end_inline_setup_bob__wrappee__Base } true; {38406#true} is VALID [2022-02-20 18:01:19,799 INFO L272 TraceCheckUtils]: 12: Hoare triple {38406#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {38472#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:19,799 INFO L290 TraceCheckUtils]: 13: Hoare triple {38472#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,799 INFO L290 TraceCheckUtils]: 14: Hoare triple {38406#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,799 INFO L290 TraceCheckUtils]: 15: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,800 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {38406#true} {38406#true} #831#return; {38406#true} is VALID [2022-02-20 18:01:19,800 INFO L290 TraceCheckUtils]: 17: Hoare triple {38406#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {38406#true} is VALID [2022-02-20 18:01:19,800 INFO L272 TraceCheckUtils]: 18: Hoare triple {38406#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {38471#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:19,800 INFO L290 TraceCheckUtils]: 19: Hoare triple {38471#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,800 INFO L290 TraceCheckUtils]: 20: Hoare triple {38406#true} assume !(1 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,801 INFO L290 TraceCheckUtils]: 21: Hoare triple {38406#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,801 INFO L290 TraceCheckUtils]: 22: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,801 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {38406#true} {38406#true} #833#return; {38406#true} is VALID [2022-02-20 18:01:19,801 INFO L290 TraceCheckUtils]: 24: Hoare triple {38406#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {38406#true} is VALID [2022-02-20 18:01:19,801 INFO L272 TraceCheckUtils]: 25: Hoare triple {38406#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {38472#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:19,801 INFO L290 TraceCheckUtils]: 26: Hoare 
triple {38472#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,802 INFO L290 TraceCheckUtils]: 27: Hoare triple {38406#true} assume !(1 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,802 INFO L290 TraceCheckUtils]: 28: Hoare triple {38406#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,802 INFO L290 TraceCheckUtils]: 29: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,802 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {38406#true} {38406#true} #835#return; {38406#true} is VALID [2022-02-20 18:01:19,802 INFO L290 TraceCheckUtils]: 31: Hoare triple {38406#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {38406#true} is VALID [2022-02-20 18:01:19,802 INFO L272 TraceCheckUtils]: 32: Hoare triple {38406#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {38471#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:19,803 INFO L290 TraceCheckUtils]: 33: Hoare triple {38471#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,803 INFO L290 TraceCheckUtils]: 34: Hoare triple {38406#true} assume !(1 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,803 INFO L290 TraceCheckUtils]: 35: Hoare triple {38406#true} assume !(2 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,803 INFO L290 TraceCheckUtils]: 36: Hoare triple {38406#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,803 INFO L290 TraceCheckUtils]: 37: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,803 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {38406#true} {38406#true} #837#return; {38406#true} is VALID [2022-02-20 18:01:19,803 INFO L290 TraceCheckUtils]: 39: Hoare triple {38406#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {38406#true} is VALID [2022-02-20 18:01:19,804 INFO L272 TraceCheckUtils]: 40: Hoare triple {38406#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {38472#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:19,804 INFO L290 TraceCheckUtils]: 41: Hoare triple {38472#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,804 INFO L290 TraceCheckUtils]: 42: Hoare triple {38406#true} assume !(1 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,804 INFO L290 TraceCheckUtils]: 43: Hoare 
triple {38406#true} assume !(2 == ~handle); {38406#true} is VALID [2022-02-20 18:01:19,804 INFO L290 TraceCheckUtils]: 44: Hoare triple {38406#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,804 INFO L290 TraceCheckUtils]: 45: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,804 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {38406#true} {38406#true} #839#return; {38406#true} is VALID [2022-02-20 18:01:19,804 INFO L290 TraceCheckUtils]: 47: Hoare triple {38406#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {38406#true} is VALID [2022-02-20 18:01:19,805 INFO L290 TraceCheckUtils]: 48: Hoare triple {38406#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc 
test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,805 INFO L290 TraceCheckUtils]: 49: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !false; {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,805 INFO L290 TraceCheckUtils]: 50: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,806 INFO L290 TraceCheckUtils]: 51: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,806 INFO L290 TraceCheckUtils]: 52: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,806 INFO L290 TraceCheckUtils]: 53: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,806 INFO L290 TraceCheckUtils]: 54: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,807 INFO L290 TraceCheckUtils]: 55: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {38438#(= 
|ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,807 INFO L290 TraceCheckUtils]: 56: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,807 INFO L290 TraceCheckUtils]: 57: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:01:19,807 INFO L290 TraceCheckUtils]: 58: Hoare triple {38438#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 == test_~op4~0#1); {38407#false} is VALID [2022-02-20 18:01:19,807 INFO L290 TraceCheckUtils]: 59: Hoare triple {38407#false} assume !(0 == test_~op5~0#1); {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L290 TraceCheckUtils]: 60: Hoare triple {38407#false} assume !(0 == test_~op6~0#1); {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L290 TraceCheckUtils]: 61: Hoare triple {38407#false} assume !(0 == test_~op7~0#1); {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L290 TraceCheckUtils]: 62: Hoare triple {38407#false} assume !(0 == test_~op8~0#1); {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L290 TraceCheckUtils]: 63: Hoare triple {38407#false} assume !(0 == test_~op9~0#1); {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L290 TraceCheckUtils]: 64: Hoare triple {38407#false} assume !(0 == test_~op10~0#1); {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L290 TraceCheckUtils]: 65: Hoare triple {38407#false} assume !(0 == test_~op11~0#1); {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L290 TraceCheckUtils]: 66: Hoare triple {38407#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc 
bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L272 TraceCheckUtils]: 67: Hoare triple {38407#false} call sendEmail(~bob~0, ~rjh~0); {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L290 TraceCheckUtils]: 68: Hoare triple {38407#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {38407#false} is VALID [2022-02-20 18:01:19,808 INFO L272 TraceCheckUtils]: 69: Hoare triple {38407#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {38473#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:19,809 INFO L290 TraceCheckUtils]: 70: Hoare triple {38473#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,809 INFO L290 TraceCheckUtils]: 71: Hoare triple {38406#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38406#true} is VALID [2022-02-20 18:01:19,809 INFO L290 TraceCheckUtils]: 72: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,809 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {38406#true} {38407#false} #825#return; {38407#false} is VALID [2022-02-20 18:01:19,809 INFO L290 TraceCheckUtils]: 74: Hoare triple 
{38407#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {38407#false} is VALID [2022-02-20 18:01:19,809 INFO L290 TraceCheckUtils]: 75: Hoare triple {38407#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {38407#false} is VALID [2022-02-20 18:01:19,809 INFO L290 TraceCheckUtils]: 76: Hoare triple {38407#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {38407#false} is VALID [2022-02-20 18:01:19,809 INFO L290 TraceCheckUtils]: 77: Hoare triple {38407#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {38407#false} is VALID [2022-02-20 18:01:19,809 INFO L272 TraceCheckUtils]: 78: Hoare triple {38407#false} call outgoing(~sender#1, ~email~0#1); {38407#false} is VALID [2022-02-20 18:01:19,809 INFO L290 TraceCheckUtils]: 79: Hoare triple {38407#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {38407#false} is VALID [2022-02-20 18:01:19,810 INFO L272 TraceCheckUtils]: 80: Hoare triple {38407#false} call #t~ret67#1 := getEmailTo(~msg#1); {38406#true} is VALID [2022-02-20 18:01:19,810 INFO L290 TraceCheckUtils]: 81: Hoare triple {38406#true} ~handle := #in~handle;havoc ~retValue_acc~30; {38406#true} is VALID [2022-02-20 18:01:19,810 INFO L290 TraceCheckUtils]: 82: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {38406#true} is VALID [2022-02-20 18:01:19,810 INFO L290 TraceCheckUtils]: 83: Hoare triple {38406#true} 
assume true; {38406#true} is VALID [2022-02-20 18:01:19,810 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {38406#true} {38407#false} #787#return; {38407#false} is VALID [2022-02-20 18:01:19,810 INFO L290 TraceCheckUtils]: 85: Hoare triple {38407#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {38407#false} is VALID [2022-02-20 18:01:19,810 INFO L290 TraceCheckUtils]: 86: Hoare triple {38407#false} assume 1 == findPublicKey_~handle#1; {38407#false} is VALID [2022-02-20 18:01:19,810 INFO L290 TraceCheckUtils]: 87: Hoare triple {38407#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {38407#false} is VALID [2022-02-20 18:01:19,810 INFO L290 TraceCheckUtils]: 88: Hoare triple {38407#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {38407#false} is VALID [2022-02-20 18:01:19,810 INFO L290 TraceCheckUtils]: 89: Hoare triple {38407#false} assume !(0 != ~pubkey~0#1); {38407#false} is VALID [2022-02-20 18:01:19,811 INFO L290 TraceCheckUtils]: 90: Hoare triple {38407#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {38407#false} is VALID [2022-02-20 18:01:19,811 INFO L290 TraceCheckUtils]: 91: Hoare triple {38407#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {38407#false} is VALID [2022-02-20 18:01:19,811 INFO L290 TraceCheckUtils]: 92: Hoare triple {38407#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {38407#false} is VALID [2022-02-20 18:01:19,811 INFO L272 TraceCheckUtils]: 93: Hoare triple {38407#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {38473#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:19,811 INFO L290 TraceCheckUtils]: 94: Hoare triple {38473#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {38406#true} is VALID [2022-02-20 18:01:19,811 INFO L290 TraceCheckUtils]: 95: Hoare triple {38406#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38406#true} is VALID [2022-02-20 
18:01:19,811 INFO L290 TraceCheckUtils]: 96: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,811 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {38406#true} {38407#false} #793#return; {38407#false} is VALID [2022-02-20 18:01:19,811 INFO L290 TraceCheckUtils]: 98: Hoare triple {38407#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {38407#false} is VALID [2022-02-20 18:01:19,812 INFO L272 TraceCheckUtils]: 99: Hoare triple {38407#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {38406#true} is VALID [2022-02-20 18:01:19,812 INFO L290 TraceCheckUtils]: 100: Hoare triple {38406#true} ~handle := #in~handle;havoc 
~retValue_acc~33; {38406#true} is VALID [2022-02-20 18:01:19,812 INFO L290 TraceCheckUtils]: 101: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {38406#true} is VALID [2022-02-20 18:01:19,812 INFO L290 TraceCheckUtils]: 102: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,812 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {38406#true} {38407#false} #795#return; {38407#false} is VALID [2022-02-20 18:01:19,812 INFO L290 TraceCheckUtils]: 104: Hoare triple {38407#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {38407#false} is VALID [2022-02-20 18:01:19,812 INFO L290 TraceCheckUtils]: 105: Hoare triple {38407#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {38407#false} is VALID [2022-02-20 18:01:19,818 INFO L272 TraceCheckUtils]: 106: Hoare triple {38407#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {38406#true} is VALID [2022-02-20 18:01:19,818 INFO L290 TraceCheckUtils]: 107: Hoare triple {38406#true} ~handle := #in~handle;havoc ~retValue_acc~30; {38406#true} is VALID [2022-02-20 18:01:19,818 INFO L290 TraceCheckUtils]: 108: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {38406#true} is VALID [2022-02-20 18:01:19,818 INFO L290 TraceCheckUtils]: 109: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,819 INFO L284 
TraceCheckUtils]: 110: Hoare quadruple {38406#true} {38407#false} #797#return; {38407#false} is VALID [2022-02-20 18:01:19,819 INFO L290 TraceCheckUtils]: 111: Hoare triple {38407#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := 
__utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {38407#false} is VALID [2022-02-20 18:01:19,819 INFO L290 TraceCheckUtils]: 112: Hoare triple {38407#false} assume 1 == ~sent_encrypted~0; {38407#false} is VALID [2022-02-20 18:01:19,830 INFO L272 TraceCheckUtils]: 113: Hoare triple {38407#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {38406#true} is VALID [2022-02-20 18:01:19,830 INFO L290 TraceCheckUtils]: 114: Hoare triple {38406#true} ~handle := #in~handle;havoc ~retValue_acc~19; {38406#true} is VALID [2022-02-20 18:01:19,830 INFO L290 TraceCheckUtils]: 115: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {38406#true} is VALID [2022-02-20 18:01:19,830 INFO L290 TraceCheckUtils]: 116: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,830 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {38406#true} {38407#false} #799#return; {38407#false} is VALID [2022-02-20 18:01:19,831 INFO L290 TraceCheckUtils]: 118: Hoare triple {38407#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 
&& __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {38407#false} is VALID [2022-02-20 18:01:19,831 INFO L272 TraceCheckUtils]: 119: Hoare triple {38407#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {38406#true} is VALID [2022-02-20 18:01:19,831 INFO L290 TraceCheckUtils]: 120: Hoare triple {38406#true} ~handle := #in~handle;havoc ~retValue_acc~34; {38406#true} is VALID [2022-02-20 18:01:19,831 INFO L290 TraceCheckUtils]: 121: Hoare triple {38406#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {38406#true} is VALID [2022-02-20 18:01:19,831 INFO L290 TraceCheckUtils]: 122: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,831 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {38406#true} {38407#false} #801#return; {38407#false} is VALID [2022-02-20 18:01:19,831 INFO L290 TraceCheckUtils]: 124: Hoare triple {38407#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {38407#false} is VALID [2022-02-20 18:01:19,831 INFO L272 TraceCheckUtils]: 125: Hoare triple {38407#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {38406#true} is VALID [2022-02-20 18:01:19,831 INFO L290 TraceCheckUtils]: 126: Hoare triple {38406#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc 
#t~nondet76; {38406#true} is VALID [2022-02-20 18:01:19,832 INFO L290 TraceCheckUtils]: 127: Hoare triple {38406#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {38406#true} is VALID [2022-02-20 18:01:19,832 INFO L290 TraceCheckUtils]: 128: Hoare triple {38406#true} assume true; {38406#true} is VALID [2022-02-20 18:01:19,832 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {38406#true} {38407#false} #803#return; {38407#false} is VALID [2022-02-20 18:01:19,832 INFO L290 TraceCheckUtils]: 130: Hoare triple {38407#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {38407#false} is VALID [2022-02-20 18:01:19,832 INFO L290 TraceCheckUtils]: 131: Hoare triple {38407#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {38407#false} is VALID [2022-02-20 18:01:19,832 INFO L290 TraceCheckUtils]: 132: Hoare triple {38407#false} assume !false; {38407#false} is VALID [2022-02-20 18:01:19,832 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:01:19,833 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:19,833 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [781430254] [2022-02-20 18:01:19,833 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [781430254] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:19,833 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:01:19,833 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:01:19,833 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1598446953] [2022-02-20 18:01:19,833 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:19,834 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 133 [2022-02-20 18:01:19,834 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:19,834 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:19,934 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 117 edges. 117 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:19,934 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:01:19,934 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:19,935 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. 
[2022-02-20 18:01:19,935 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:01:19,935 INFO L87 Difference]: Start difference. First operand 1392 states and 2350 transitions. Second operand has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:24,158 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:24,159 INFO L93 Difference]: Finished difference Result 3304 states and 5693 transitions. [2022-02-20 18:01:24,159 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:01:24,159 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 133 [2022-02-20 18:01:24,159 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:24,159 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:24,178 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 977 transitions. 
[2022-02-20 18:01:24,179 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:24,186 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 977 transitions. [2022-02-20 18:01:24,186 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 977 transitions. [2022-02-20 18:01:24,907 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 977 edges. 977 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:25,184 INFO L225 Difference]: With dead ends: 3304 [2022-02-20 18:01:25,184 INFO L226 Difference]: Without dead ends: 2158 [2022-02-20 18:01:25,206 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 38 GetRequests, 30 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:25,207 INFO L933 BasicCegarLoop]: 452 mSDtfsCounter, 679 mSDsluCounter, 477 mSDsCounter, 0 mSdLazyCounter, 600 mSolverCounterSat, 250 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 694 SdHoareTripleChecker+Valid, 929 SdHoareTripleChecker+Invalid, 850 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 250 IncrementalHoareTripleChecker+Valid, 600 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:25,207 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [694 Valid, 929 Invalid, 850 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [250 Valid, 600 Invalid, 0 Unknown, 0 Unchecked, 1.0s Time] [2022-02-20 18:01:25,209 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2158 states. [2022-02-20 18:01:26,608 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2158 to 2096. [2022-02-20 18:01:26,608 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:26,612 INFO L82 GeneralOperation]: Start isEquivalent. First operand 2158 states. Second operand has 2096 states, 1674 states have (on average 1.6200716845878136) internal successors, (2712), 1681 states have internal predecessors, (2712), 400 states have call successors, (400), 17 states have call predecessors, (400), 21 states have return successors, (447), 399 states have call predecessors, (447), 399 states have call successors, (447) [2022-02-20 18:01:26,614 INFO L74 IsIncluded]: Start isIncluded. First operand 2158 states. Second operand has 2096 states, 1674 states have (on average 1.6200716845878136) internal successors, (2712), 1681 states have internal predecessors, (2712), 400 states have call successors, (400), 17 states have call predecessors, (400), 21 states have return successors, (447), 399 states have call predecessors, (447), 399 states have call successors, (447) [2022-02-20 18:01:26,616 INFO L87 Difference]: Start difference. First operand 2158 states. Second operand has 2096 states, 1674 states have (on average 1.6200716845878136) internal successors, (2712), 1681 states have internal predecessors, (2712), 400 states have call successors, (400), 17 states have call predecessors, (400), 21 states have return successors, (447), 399 states have call predecessors, (447), 399 states have call successors, (447) [2022-02-20 18:01:26,775 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:01:26,775 INFO L93 Difference]: Finished difference Result 2158 states and 3733 transitions. [2022-02-20 18:01:26,775 INFO L276 IsEmpty]: Start isEmpty. Operand 2158 states and 3733 transitions. [2022-02-20 18:01:26,781 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:26,781 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:26,784 INFO L74 IsIncluded]: Start isIncluded. First operand has 2096 states, 1674 states have (on average 1.6200716845878136) internal successors, (2712), 1681 states have internal predecessors, (2712), 400 states have call successors, (400), 17 states have call predecessors, (400), 21 states have return successors, (447), 399 states have call predecessors, (447), 399 states have call successors, (447) Second operand 2158 states. [2022-02-20 18:01:26,786 INFO L87 Difference]: Start difference. First operand has 2096 states, 1674 states have (on average 1.6200716845878136) internal successors, (2712), 1681 states have internal predecessors, (2712), 400 states have call successors, (400), 17 states have call predecessors, (400), 21 states have return successors, (447), 399 states have call predecessors, (447), 399 states have call successors, (447) Second operand 2158 states. [2022-02-20 18:01:26,954 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:26,954 INFO L93 Difference]: Finished difference Result 2158 states and 3733 transitions. [2022-02-20 18:01:26,954 INFO L276 IsEmpty]: Start isEmpty. Operand 2158 states and 3733 transitions. [2022-02-20 18:01:26,960 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:26,960 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:26,961 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 18:01:26,961 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:26,964 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2096 states, 1674 states have (on average 1.6200716845878136) internal successors, (2712), 1681 states have internal predecessors, (2712), 400 states have call successors, (400), 17 states have call predecessors, (400), 21 states have return successors, (447), 399 states have call predecessors, (447), 399 states have call successors, (447) [2022-02-20 18:01:27,217 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2096 states to 2096 states and 3559 transitions. [2022-02-20 18:01:27,218 INFO L78 Accepts]: Start accepts. Automaton has 2096 states and 3559 transitions. Word has length 133 [2022-02-20 18:01:27,218 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:27,218 INFO L470 AbstractCegarLoop]: Abstraction has 2096 states and 3559 transitions. [2022-02-20 18:01:27,218 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:27,218 INFO L276 IsEmpty]: Start isEmpty. Operand 2096 states and 3559 transitions. [2022-02-20 18:01:27,227 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 135 [2022-02-20 18:01:27,227 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:27,227 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:27,227 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12 [2022-02-20 18:01:27,227 INFO L402 AbstractCegarLoop]: === Iteration 14 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:27,228 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:27,228 INFO L85 PathProgramCache]: Analyzing trace with hash -1009111593, now seen corresponding path program 1 times [2022-02-20 18:01:27,228 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:27,228 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1675776282] [2022-02-20 18:01:27,228 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:27,228 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:27,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,280 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:27,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {50905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {50840#true} {50840#true} #829#return; {50840#true} is VALID [2022-02-20 18:01:27,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:27,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {50906#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,302 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {50840#true} {50840#true} #831#return; {50840#true} is VALID [2022-02-20 18:01:27,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:27,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {50905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume !(1 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,307 INFO L290 TraceCheckUtils]: 3: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,307 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {50840#true} {50840#true} #833#return; {50840#true} is VALID [2022-02-20 18:01:27,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:27,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,315 INFO L290 TraceCheckUtils]: 0: Hoare triple {50906#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume !(1 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,315 INFO L290 TraceCheckUtils]: 3: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,315 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {50840#true} {50840#true} #835#return; {50840#true} is VALID [2022-02-20 18:01:27,316 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:27,317 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:01:27,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {50905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume !(1 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume !(2 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,320 INFO L290 TraceCheckUtils]: 3: Hoare triple {50840#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,321 INFO L290 TraceCheckUtils]: 4: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,321 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {50840#true} {50840#true} #837#return; {50840#true} is VALID [2022-02-20 18:01:27,321 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:01:27,322 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,324 INFO L290 TraceCheckUtils]: 0: Hoare triple {50906#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume !(1 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume !(2 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,325 INFO L290 TraceCheckUtils]: 3: Hoare triple {50840#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {50840#true} 
is VALID [2022-02-20 18:01:27,325 INFO L290 TraceCheckUtils]: 4: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,325 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {50840#true} {50840#true} #839#return; {50840#true} is VALID [2022-02-20 18:01:27,330 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:01:27,331 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,332 INFO L290 TraceCheckUtils]: 0: Hoare triple {50907#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,332 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,332 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,333 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {50840#true} {50841#false} #825#return; {50841#false} is VALID [2022-02-20 18:01:27,333 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:01:27,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,336 INFO L290 TraceCheckUtils]: 0: Hoare triple {50840#true} ~handle := #in~handle;havoc ~retValue_acc~30; {50840#true} is VALID [2022-02-20 18:01:27,336 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {50840#true} is VALID [2022-02-20 18:01:27,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,337 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {50840#true} {50841#false} #787#return; {50841#false} is VALID [2022-02-20 18:01:27,337 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:01:27,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,339 INFO L290 TraceCheckUtils]: 0: Hoare triple {50907#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,339 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,339 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,339 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {50840#true} {50841#false} #793#return; {50841#false} is VALID [2022-02-20 18:01:27,340 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:01:27,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,342 INFO L290 TraceCheckUtils]: 0: Hoare triple {50840#true} ~handle := #in~handle;havoc ~retValue_acc~33; {50840#true} is VALID [2022-02-20 18:01:27,342 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {50840#true} is VALID [2022-02-20 18:01:27,342 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,342 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {50840#true} {50841#false} #795#return; {50841#false} is VALID [2022-02-20 18:01:27,342 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:01:27,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {50840#true} ~handle := #in~handle;havoc ~retValue_acc~30; {50840#true} is VALID 
[2022-02-20 18:01:27,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {50840#true} is VALID [2022-02-20 18:01:27,344 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,345 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {50840#true} {50841#false} #797#return; {50841#false} is VALID [2022-02-20 18:01:27,345 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:01:27,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,347 INFO L290 TraceCheckUtils]: 0: Hoare triple {50840#true} ~handle := #in~handle;havoc ~retValue_acc~19; {50840#true} is VALID [2022-02-20 18:01:27,347 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {50840#true} is VALID [2022-02-20 18:01:27,347 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,348 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {50840#true} {50841#false} #799#return; {50841#false} is VALID [2022-02-20 18:01:27,348 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:01:27,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {50840#true} ~handle := #in~handle;havoc ~retValue_acc~34; {50840#true} is VALID [2022-02-20 18:01:27,350 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {50840#true} is VALID [2022-02-20 18:01:27,350 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,350 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {50840#true} {50841#false} #801#return; {50841#false} is VALID [2022-02-20 18:01:27,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:01:27,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:27,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {50840#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {50840#true} is VALID [2022-02-20 18:01:27,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {50840#true} is VALID [2022-02-20 18:01:27,356 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,356 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {50840#true} {50841#false} #803#return; {50841#false} is VALID [2022-02-20 18:01:27,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {50840#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 
22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(20, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(19, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1; {50840#true} is VALID [2022-02-20 18:01:27,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {50840#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~7#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {50840#true} is VALID [2022-02-20 18:01:27,357 INFO L290 TraceCheckUtils]: 2: Hoare triple {50840#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {50840#true} is VALID [2022-02-20 18:01:27,357 INFO L290 TraceCheckUtils]: 3: Hoare triple {50840#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {50840#true} is VALID [2022-02-20 18:01:27,357 INFO L290 TraceCheckUtils]: 4: Hoare triple {50840#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {50840#true} is VALID 
[2022-02-20 18:01:27,357 INFO L290 TraceCheckUtils]: 5: Hoare triple {50840#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {50840#true} is VALID [2022-02-20 18:01:27,357 INFO L272 TraceCheckUtils]: 6: Hoare triple {50840#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {50905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:27,358 INFO L290 TraceCheckUtils]: 7: Hoare triple {50905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,358 INFO L290 TraceCheckUtils]: 8: Hoare triple {50840#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,358 INFO L290 TraceCheckUtils]: 9: Hoare triple {50840#true} assume true; 
{50840#true} is VALID [2022-02-20 18:01:27,358 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {50840#true} {50840#true} #829#return; {50840#true} is VALID [2022-02-20 18:01:27,358 INFO L290 TraceCheckUtils]: 11: Hoare triple {50840#true} assume { :end_inline_setup_bob__wrappee__Base } true; {50840#true} is VALID [2022-02-20 18:01:27,359 INFO L272 TraceCheckUtils]: 12: Hoare triple {50840#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {50906#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:27,359 INFO L290 TraceCheckUtils]: 13: Hoare triple {50906#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,359 INFO L290 TraceCheckUtils]: 14: Hoare triple {50840#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,359 INFO L290 TraceCheckUtils]: 15: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,359 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {50840#true} {50840#true} #831#return; {50840#true} is VALID [2022-02-20 18:01:27,359 INFO L290 TraceCheckUtils]: 17: Hoare triple {50840#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {50840#true} is VALID [2022-02-20 18:01:27,360 INFO L272 TraceCheckUtils]: 18: Hoare triple {50840#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {50905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:27,360 INFO L290 TraceCheckUtils]: 19: Hoare triple {50905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,360 INFO L290 TraceCheckUtils]: 20: Hoare triple {50840#true} assume !(1 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,360 INFO L290 TraceCheckUtils]: 21: Hoare triple {50840#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,360 INFO L290 TraceCheckUtils]: 22: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,360 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {50840#true} {50840#true} #833#return; {50840#true} is VALID [2022-02-20 18:01:27,360 INFO L290 TraceCheckUtils]: 24: Hoare triple {50840#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {50840#true} is VALID [2022-02-20 18:01:27,361 INFO L272 TraceCheckUtils]: 25: Hoare triple {50840#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {50906#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:27,361 INFO L290 TraceCheckUtils]: 26: Hoare 
triple {50906#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,361 INFO L290 TraceCheckUtils]: 27: Hoare triple {50840#true} assume !(1 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,361 INFO L290 TraceCheckUtils]: 28: Hoare triple {50840#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,361 INFO L290 TraceCheckUtils]: 29: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,361 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {50840#true} {50840#true} #835#return; {50840#true} is VALID [2022-02-20 18:01:27,361 INFO L290 TraceCheckUtils]: 31: Hoare triple {50840#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {50840#true} is VALID [2022-02-20 18:01:27,362 INFO L272 TraceCheckUtils]: 32: Hoare triple {50840#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {50905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:27,362 INFO L290 TraceCheckUtils]: 33: Hoare triple {50905#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,362 INFO L290 TraceCheckUtils]: 34: Hoare triple {50840#true} assume !(1 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,362 INFO L290 TraceCheckUtils]: 35: Hoare triple {50840#true} assume !(2 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,362 INFO L290 TraceCheckUtils]: 36: Hoare triple {50840#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,362 INFO L290 TraceCheckUtils]: 37: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,363 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {50840#true} {50840#true} #837#return; {50840#true} is VALID [2022-02-20 18:01:27,363 INFO L290 TraceCheckUtils]: 39: Hoare triple {50840#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {50840#true} is VALID [2022-02-20 18:01:27,363 INFO L272 TraceCheckUtils]: 40: Hoare triple {50840#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {50906#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:27,363 INFO L290 TraceCheckUtils]: 41: Hoare triple {50906#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,363 INFO L290 TraceCheckUtils]: 42: Hoare triple {50840#true} assume !(1 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,364 INFO L290 TraceCheckUtils]: 43: Hoare 
triple {50840#true} assume !(2 == ~handle); {50840#true} is VALID [2022-02-20 18:01:27,364 INFO L290 TraceCheckUtils]: 44: Hoare triple {50840#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,364 INFO L290 TraceCheckUtils]: 45: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,364 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {50840#true} {50840#true} #839#return; {50840#true} is VALID [2022-02-20 18:01:27,364 INFO L290 TraceCheckUtils]: 47: Hoare triple {50840#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 26, 0;havoc setup_#t~nondet49#1; {50840#true} is VALID [2022-02-20 18:01:27,364 INFO L290 TraceCheckUtils]: 48: Hoare triple {50840#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc 
test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,365 INFO L290 TraceCheckUtils]: 49: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !false; {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,365 INFO L290 TraceCheckUtils]: 50: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,365 INFO L290 TraceCheckUtils]: 51: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,365 INFO L290 TraceCheckUtils]: 52: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,366 INFO L290 TraceCheckUtils]: 53: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,366 INFO L290 TraceCheckUtils]: 54: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,366 INFO L290 TraceCheckUtils]: 55: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {50872#(= 
|ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,366 INFO L290 TraceCheckUtils]: 56: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,367 INFO L290 TraceCheckUtils]: 57: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,367 INFO L290 TraceCheckUtils]: 58: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op4~0#1;assume -2147483648 <= test_#t~nondet89#1 && test_#t~nondet89#1 <= 2147483647;test_~tmp___6~0#1 := test_#t~nondet89#1;havoc test_#t~nondet89#1; {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,367 INFO L290 TraceCheckUtils]: 59: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___6~0#1); {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:01:27,368 INFO L290 TraceCheckUtils]: 60: Hoare triple {50872#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 == test_~op5~0#1); {50841#false} is VALID [2022-02-20 18:01:27,368 INFO L290 TraceCheckUtils]: 61: Hoare triple {50841#false} assume !(0 == test_~op6~0#1); {50841#false} is VALID [2022-02-20 18:01:27,368 INFO L290 TraceCheckUtils]: 62: Hoare triple {50841#false} assume !(0 == test_~op7~0#1); {50841#false} is VALID [2022-02-20 18:01:27,368 INFO L290 TraceCheckUtils]: 63: Hoare triple {50841#false} assume !(0 == test_~op8~0#1); {50841#false} is VALID [2022-02-20 18:01:27,368 INFO L290 TraceCheckUtils]: 64: Hoare triple {50841#false} assume !(0 == test_~op9~0#1); {50841#false} is VALID [2022-02-20 18:01:27,368 INFO L290 TraceCheckUtils]: 65: Hoare triple {50841#false} assume !(0 == test_~op10~0#1); {50841#false} is VALID [2022-02-20 
18:01:27,368 INFO L290 TraceCheckUtils]: 66: Hoare triple {50841#false} assume !(0 == test_~op11~0#1); {50841#false} is VALID [2022-02-20 18:01:27,368 INFO L290 TraceCheckUtils]: 67: Hoare triple {50841#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {50841#false} is VALID [2022-02-20 18:01:27,368 INFO L272 TraceCheckUtils]: 68: Hoare triple {50841#false} call sendEmail(~bob~0, ~rjh~0); {50841#false} is VALID [2022-02-20 18:01:27,368 INFO L290 TraceCheckUtils]: 69: Hoare triple {50841#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~5#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~5#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {50841#false} is VALID [2022-02-20 18:01:27,369 INFO L272 TraceCheckUtils]: 70: Hoare triple {50841#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {50907#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:27,369 INFO L290 TraceCheckUtils]: 71: Hoare triple {50907#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,369 INFO L290 TraceCheckUtils]: 72: Hoare triple 
{50840#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,369 INFO L290 TraceCheckUtils]: 73: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,369 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {50840#true} {50841#false} #825#return; {50841#false} is VALID [2022-02-20 18:01:27,369 INFO L290 TraceCheckUtils]: 75: Hoare triple {50841#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {50841#false} is VALID [2022-02-20 18:01:27,369 INFO L290 TraceCheckUtils]: 76: Hoare triple {50841#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {50841#false} is VALID [2022-02-20 18:01:27,369 INFO L290 TraceCheckUtils]: 77: Hoare triple {50841#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~5#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~5#1; {50841#false} is VALID [2022-02-20 18:01:27,369 INFO L290 TraceCheckUtils]: 78: Hoare triple {50841#false} #t~ret75#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret75#1 && #t~ret75#1 <= 2147483647;~tmp~16#1 := #t~ret75#1;havoc #t~ret75#1;~email~0#1 := ~tmp~16#1; {50841#false} is VALID [2022-02-20 18:01:27,370 INFO L272 TraceCheckUtils]: 79: Hoare triple {50841#false} call outgoing(~sender#1, ~email~0#1); {50841#false} is VALID [2022-02-20 18:01:27,370 INFO L290 TraceCheckUtils]: 80: Hoare triple {50841#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~13#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {50841#false} is VALID [2022-02-20 18:01:27,370 INFO L272 TraceCheckUtils]: 81: Hoare triple {50841#false} call #t~ret67#1 := getEmailTo(~msg#1); {50840#true} is VALID [2022-02-20 
18:01:27,370 INFO L290 TraceCheckUtils]: 82: Hoare triple {50840#true} ~handle := #in~handle;havoc ~retValue_acc~30; {50840#true} is VALID [2022-02-20 18:01:27,370 INFO L290 TraceCheckUtils]: 83: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {50840#true} is VALID [2022-02-20 18:01:27,370 INFO L290 TraceCheckUtils]: 84: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,370 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {50840#true} {50841#false} #787#return; {50841#false} is VALID [2022-02-20 18:01:27,370 INFO L290 TraceCheckUtils]: 86: Hoare triple {50841#false} assume -2147483648 <= #t~ret67#1 && #t~ret67#1 <= 2147483647;~tmp~13#1 := #t~ret67#1;havoc #t~ret67#1;~receiver~0#1 := ~tmp~13#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~24#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~24#1; {50841#false} is VALID [2022-02-20 18:01:27,370 INFO L290 TraceCheckUtils]: 87: Hoare triple {50841#false} assume 1 == findPublicKey_~handle#1; {50841#false} is VALID [2022-02-20 18:01:27,370 INFO L290 TraceCheckUtils]: 88: Hoare triple {50841#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~24#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~24#1; {50841#false} is VALID [2022-02-20 18:01:27,371 INFO L290 TraceCheckUtils]: 89: Hoare triple {50841#false} #t~ret68#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret68#1 && #t~ret68#1 <= 2147483647;~tmp___0~4#1 := #t~ret68#1;havoc #t~ret68#1;~pubkey~0#1 := ~tmp___0~4#1; {50841#false} is VALID [2022-02-20 18:01:27,371 
INFO L290 TraceCheckUtils]: 90: Hoare triple {50841#false} assume !(0 != ~pubkey~0#1); {50841#false} is VALID [2022-02-20 18:01:27,371 INFO L290 TraceCheckUtils]: 91: Hoare triple {50841#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret66#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {50841#false} is VALID [2022-02-20 18:01:27,371 INFO L290 TraceCheckUtils]: 92: Hoare triple {50841#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {50841#false} is VALID [2022-02-20 18:01:27,371 INFO L290 TraceCheckUtils]: 93: Hoare triple {50841#false} outgoing__wrappee__Keys_#t~ret66#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret66#1 && outgoing__wrappee__Keys_#t~ret66#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~12#1 := outgoing__wrappee__Keys_#t~ret66#1;havoc outgoing__wrappee__Keys_#t~ret66#1; {50841#false} is VALID [2022-02-20 18:01:27,371 INFO L272 TraceCheckUtils]: 94: Hoare triple {50841#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~12#1); {50907#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:27,371 INFO L290 
TraceCheckUtils]: 95: Hoare triple {50907#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {50840#true} is VALID [2022-02-20 18:01:27,371 INFO L290 TraceCheckUtils]: 96: Hoare triple {50840#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {50840#true} is VALID [2022-02-20 18:01:27,371 INFO L290 TraceCheckUtils]: 97: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,371 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {50840#true} {50841#false} #793#return; {50841#false} is VALID [2022-02-20 18:01:27,372 INFO L290 TraceCheckUtils]: 99: Hoare triple {50841#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret64#1, mail_#t~ret65#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret77#1 <= 2147483647;havoc 
__utac_acc__EncryptDecrypt_spec__1_#t~ret77#1; {50841#false} is VALID [2022-02-20 18:01:27,372 INFO L272 TraceCheckUtils]: 100: Hoare triple {50841#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {50840#true} is VALID [2022-02-20 18:01:27,372 INFO L290 TraceCheckUtils]: 101: Hoare triple {50840#true} ~handle := #in~handle;havoc ~retValue_acc~33; {50840#true} is VALID [2022-02-20 18:01:27,372 INFO L290 TraceCheckUtils]: 102: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~33; {50840#true} is VALID [2022-02-20 18:01:27,372 INFO L290 TraceCheckUtils]: 103: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,372 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {50840#true} {50841#false} #795#return; {50841#false} is VALID [2022-02-20 18:01:27,372 INFO L290 TraceCheckUtils]: 105: Hoare triple {50841#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret78#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 34, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet79#1; {50841#false} is VALID [2022-02-20 18:01:27,372 INFO L290 TraceCheckUtils]: 106: Hoare triple {50841#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret64#1 := puts(30, 0);assume -2147483648 <= mail_#t~ret64#1 && mail_#t~ret64#1 <= 2147483647;havoc mail_#t~ret64#1; {50841#false} is VALID [2022-02-20 18:01:27,372 INFO L272 TraceCheckUtils]: 107: Hoare triple {50841#false} call mail_#t~ret65#1 := getEmailTo(mail_~msg#1); {50840#true} is VALID [2022-02-20 18:01:27,373 INFO L290 TraceCheckUtils]: 108: Hoare triple {50840#true} ~handle := 
#in~handle;havoc ~retValue_acc~30; {50840#true} is VALID [2022-02-20 18:01:27,373 INFO L290 TraceCheckUtils]: 109: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_to0~0;#res := ~retValue_acc~30; {50840#true} is VALID [2022-02-20 18:01:27,373 INFO L290 TraceCheckUtils]: 110: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,373 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {50840#true} {50841#false} #797#return; {50841#false} is VALID [2022-02-20 18:01:27,373 INFO L290 TraceCheckUtils]: 112: Hoare triple {50841#false} assume -2147483648 <= mail_#t~ret65#1 && mail_#t~ret65#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret65#1;havoc mail_#t~ret65#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~14#1, incoming_~tmp___0~5#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~14#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1, 
__utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 := puts(35, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret80#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~5#1.offset := 36, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet81#1; {50841#false} is VALID [2022-02-20 18:01:27,373 INFO L290 TraceCheckUtils]: 113: Hoare triple {50841#false} assume 1 == ~sent_encrypted~0; {50841#false} is VALID [2022-02-20 18:01:27,373 INFO L272 TraceCheckUtils]: 114: Hoare triple {50841#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {50840#true} is VALID [2022-02-20 18:01:27,373 INFO L290 TraceCheckUtils]: 115: Hoare triple {50840#true} ~handle := #in~handle;havoc ~retValue_acc~19; {50840#true} is VALID [2022-02-20 18:01:27,373 INFO L290 TraceCheckUtils]: 116: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {50840#true} is VALID [2022-02-20 
18:01:27,373 INFO L290 TraceCheckUtils]: 117: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,374 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {50840#true} {50841#false} #799#return; {50841#false} is VALID [2022-02-20 18:01:27,374 INFO L290 TraceCheckUtils]: 119: Hoare triple {50841#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~17#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret82#1; {50841#false} is VALID [2022-02-20 18:01:27,374 INFO L272 TraceCheckUtils]: 120: Hoare triple {50841#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {50840#true} is VALID [2022-02-20 18:01:27,374 INFO L290 TraceCheckUtils]: 121: Hoare triple {50840#true} ~handle := #in~handle;havoc ~retValue_acc~34; {50840#true} is VALID [2022-02-20 18:01:27,374 INFO L290 TraceCheckUtils]: 122: Hoare triple {50840#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~34; {50840#true} is VALID [2022-02-20 18:01:27,374 INFO L290 TraceCheckUtils]: 123: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,374 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {50840#true} {50841#false} #801#return; {50841#false} is VALID [2022-02-20 18:01:27,374 INFO L290 TraceCheckUtils]: 125: Hoare triple {50841#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret83#1; {50841#false} is VALID [2022-02-20 18:01:27,374 INFO L272 TraceCheckUtils]: 126: Hoare triple {50841#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 := 
isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~6#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~17#1); {50840#true} is VALID [2022-02-20 18:01:27,374 INFO L290 TraceCheckUtils]: 127: Hoare triple {50840#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~42;havoc ~__cil_tmp4~4.base, ~__cil_tmp4~4.offset;~__cil_tmp4~4.base, ~__cil_tmp4~4.offset := 32, 0;havoc #t~nondet76; {50840#true} is VALID [2022-02-20 18:01:27,375 INFO L290 TraceCheckUtils]: 128: Hoare triple {50840#true} assume 0 == ~publicKey;~retValue_acc~42 := 0;#res := ~retValue_acc~42; {50840#true} is VALID [2022-02-20 18:01:27,375 INFO L290 TraceCheckUtils]: 129: Hoare triple {50840#true} assume true; {50840#true} is VALID [2022-02-20 18:01:27,375 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {50840#true} {50841#false} #803#return; {50841#false} is VALID [2022-02-20 18:01:27,375 INFO L290 TraceCheckUtils]: 131: Hoare triple {50841#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret84#1; {50841#false} is VALID [2022-02-20 18:01:27,375 INFO L290 TraceCheckUtils]: 132: Hoare triple {50841#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~3#1);assume { :begin_inline___automaton_fail } true; {50841#false} is VALID [2022-02-20 18:01:27,375 INFO L290 TraceCheckUtils]: 133: Hoare triple {50841#false} assume !false; {50841#false} is VALID [2022-02-20 18:01:27,376 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. 
[2022-02-20 18:01:27,376 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:27,376 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1675776282] [2022-02-20 18:01:27,376 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1675776282] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:27,376 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:27,376 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:01:27,376 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1197223977] [2022-02-20 18:01:27,377 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:27,377 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.666666666666666) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 134 [2022-02-20 18:01:27,377 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:27,377 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.666666666666666) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:01:27,455 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 118 edges. 118 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:27,456 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:01:27,456 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:27,456 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:01:27,456 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:01:27,457 INFO L87 Difference]: Start difference. First operand 2096 states and 3559 transitions. Second operand has 6 states, 6 states have (on average 14.666666666666666) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (16), 5 states have call predecessors, (16), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14)